269 matches found
CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
CVE-2022-31160 jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
Cross-site Scripting (XSS)
mediawiki/core is vulnerable to cross-site scriptingattacks. The library does not properly escape characters in contributions-title message in SpecialContributions.php which is used as a page title, allowing an attacker to inject and execute malicious javascript through harmful HTML entities...
CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
DEBIAN-CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
Hardcoded credentials
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
UBUNTU-CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
PT-2022-22431 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.37.3 MediaWiki versions 1.38.x prior to 1.38.1 Description: An issue was discovered where the contributions-title, used on Special:Contributions, is used as a page title without escaping. This can cause problems ...
Cross-site Scripting (XSS)
francoisjacquet/rosariosis is vulnerable to cross-site scripting. The vulnerability exists because it does not escape HTML entities from URL in PreparePHPSELF.fnc.php, allowing an attacker to inject and execute malicious script...
GHSA-4HPR-HH77-6Q9P Cross site scripting in francoisjacquet/rosariosis
A Cross-site Scripting XSS vulnerability exists in in GitHub repository francoisjacquet/rosariosis prior to 9.1. HTML entities are not properly decoded from the URL...
Moodle vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...
The vulnerability of the php_escape_html_entities_ex function (ext/standard/html.c) in the PHP language interpreter allows a attacker to trigger a service failure or possibly cause other effects.
The vulnerability of the phpescapehtmlentitiesex function ext/standard/html.c in the PHP language interpreter is caused by a numerical overflow condition. Exploiting this vulnerability could allow an attacker to cause service failures or potentially cause other adverse effects...
The vulnerability of the `php_html_entities` function in the PHP programming language allows attackers to trigger a service failure or potentially cause other adverse effects.
The vulnerability of the phphtmlentities function in the PHP programming language is caused by a numerical overflow condition. Exploiting this vulnerability can allow an attacker to cause service failures or potentially other adverse effects...
Remote Code Execution
@joplin/renderer is vulnerable to remote code execution. The vulnerability exists in stripHtml function of htmlUtils.ts because the html entities are not encoded which allows an attacker to inject and execute malicious codes...
Cross-site Scripting (XSS)
plupload is vulnerable to cross-site scripting. The vulnerability exists in addFiles function of jquery.ui.plupload.js because the html entities have not been encoded properly which allows an malicious attacker to perform unauthorized file uploads...
Moodle Cross Site Scripting / Server-Side Request Forgery Vulnerabilities
Moodle versions 3.10 to 3.10.1, 3.9 to 3.9.4, 3.8 to 3.8.7, and 3.5 to 3.5.16 suffer from cross site scripting and server-side request forgery vulnerabilities. Moodle is an opensource learning management system, popular in universities and workplaces largely used to manage courses, activities and...
Cross-site Scripting in comrak
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
GHSA-6WJ2-G87R-PM62 Cross-site Scripting in comrak
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...