269 matches found
GO-2023-1597 Cross site scripting in github.com/kitabisa/teler-waf
Improper sanitization and filtering of HTML entities in user input can lead to cross-site scripting (XSS) attacks where arbitrary JavaScript code is executed in the browser...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
keycloak: XSS on impersonation under specific circumstances
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability...
keycloak: XSS on impersonation under specific circumstances
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability...
keycloak: XSS on impersonation under specific circumstances
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability...
GHSA-9F95-HHG4-PG4F teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Description: teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
Keycloak vulnerable to Cross-site Scripting
A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability. Details: This issue is the result of code found in the exception here:...
PT-2023-20448 · Teler-Waf · Teler-Waf
Name of the Vulnerable Software and Affected Versions: teler-waf versions prior to 0.1.1. Description: The issue exists due to teler-waf's failure to properly sanitize and filter HTML entities in user input, allowing an attacker to bypass common web attack rules and launch cross-site scripting (XSS)...
PT-2023-5051 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw was found in Keycloak, where under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability. This iss...
@braintree/sanitize-url Cross-site Scripting vulnerability
sanitize-url (aka @braintree/sanitize-url) before 6.0.1 allows XSS via HTML entities...
GHSA-Q8GG-VJ6M-HGMJ @braintree/sanitize-url Cross-site Scripting vulnerability
sanitize-url (aka @braintree/sanitize-url) before 6.0.1 allows XSS via HTML entities...
DEBIAN-CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities...
CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities...
UBUNTU-CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities...
CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities...
Design/Logic Flaw
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities...
CVE-2022-48345
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities...