2341 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') in Bootstrap (CVE-2018-20677)
Summary Bootstrap is used by IBM Storage Ceph as a CSS framework. CVE-2018-20677 This bulletin identifies the steps to take to address the vulnerability in Bootstrap. Vulnerability Details CVEID: CVE-2018-20677 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross Site Scripting') in Bootstrap (CVE-2018-14041)
Summary Bootstrap is used by IBM Storage Ceph as a CSS framework. CVE-2018-14041 This bulletin identifies the steps to take to address the vulnerability in Bootstrap. Vulnerability Details CVEID: CVE-2018-14041 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper...
CPT Bootstrap Carousel <= 1.12 - Reflected Cross-Site Scripting
Description The CPT Bootstrap Carousel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance
Summary Multiple security vulnerabilities related to jQuery, Bootstrap, and other components have been addressed in IBM Security Verify Governance. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...
CVE-2023-52196
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12...
CVE-2023-52196 WordPress CPT Bootstrap Carousel Plugin <= 1.12 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12...
CVE-2023-52196 WordPress CPT Bootstrap Carousel Plugin <= 1.12 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12...
CVE-2023-52196
CVE-2023-52196 affects WordPress CPT Bootstrap Carousel plugin
WordPress Plugin CPT Bootstrap Carousel Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2024-14463 · Unknown · Cpt Bootstrap Carousel
Name of the Vulnerable Software and Affected Versions: CPT Bootstrap Carousel versions 1.12 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can...
WordPress CPT Bootstrap Carousel Plugin <= 1.12 is vulnerable to Cross Site Scripting (XSS)
Software CPT Bootstrap Carousel Type Plugin Vulnerable versions = 1.12 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-52196 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0ea2a573201b Credits Dimas Maulana Required...
AZL-35291 CVE-2023-7008 affecting package systemd-bootstrap for versions less than 250.3-18
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
AZL-32271 CVE-2023-7008 affecting package systemd-bootstrap for versions less than 250.3-13
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles or the upstream DNS resolver to manipulate records...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. It provides a platform for setting up one's GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server 3.8.0 and later, which stems from...
postgresql: extension script @substitutions@ within quoting allow SQL injection
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
postgresql: extension script @substitutions@ within quoting allow SQL injection
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
postgresql: extension script @substitutions@ within quoting allow SQL injection
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
postgresql: extension script @substitutions@ within quoting allow SQL injection
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...
postgresql: extension script @substitutions@ within quoting allow SQL injection
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...