CVE-2021-38186
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
Design/Logic Flaw
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
CVE-2021-38186
The CVE-2021-38186 entry concerns the comrak crate for Rust, affected in versions before 0.10.1. The issue stems from improper handling of the & character, which can cause cross-site scripting (XSS) via HTML entities like &#. The vulnerability is described across multiple sources (e.g., Red Hat, ...
GHSA-8WP3-CP9V-44FM Cross-Site Scripting in marked
Versions 0.3.7 and earlier of marked unescape only lowercase x, while browsers support both lowercase and uppercase x in the hexadecimal form of an HTML character entity...
Wordpress Core 5.2.2 - 'post previews' XSS
Exploit Title: Wordpress Core 5.2.2 - 'post previews' XSS Date: 31/12/2020 Exploit Author: gx1 Vulnerability Discovery: Simon Scannell Vendor Homepage: https://wordpress.com/ Software Link: https://github.com/WordPress/WordPress Version: = 5.2.2 Tested on: any CVE: CVE-2019-16223 References:...
Cross-Site Scripting in htmr
Versions of htmr prior to 0.8.7 are vulnerable to Cross-Site Scripting XSS. The package uses innerHTML to unescape HTML entities. This may lead to DOM-based XSS through HTML-encoded XSS payloads. This may allow an attacker to execute arbitrary JavaScript in a victim's browser. Recommendation...
Cross-site Scripting (XSS)
mysql is vulnerable to cross-site scripting (XSS). The vulnerability exists because an insufficient HTML-entity quoting flaw was found in the mysql command-line client's HTML output mode. If an attacker was able to inject arbitrary HTML tags into data stored in a MySQL database, which was later...
CVE-2019-11763
A flaw was found in Mozilla Firefox and Thunderbird where null bytes were incorrectly parsed in HTML entities. This could lead to HTML comments being treated as code which could lead to XSS in a web application or HTML entities being masked from filters...
Cross-Site Scripting (XSS)
viewerjs is vulnerable to cross-site scripting (XSS) attacks. This is due to a lack of escaping of HTML entities in user input such as alt, src and url. An attacker could use this flaw to inject and execute arbitrary JavaScript in a user's browser...
DEBIAN-CVE-2019-11763
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML...
CVE-2019-11763
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML...
Amazon Linux 2 : thunderbird (ALAS-2019-1376)
Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird. Memory corruption and arbitrary code execution are possible with these vulnerabilities. These bugs can be exploited over the network. CVE-2019-11764: A flaw was discovered in both Firefox and Thunderbird where 4 bytes of...
Design/Logic Flaw
Sandline Centraleyezer On Premises allows Stored XSS using HTML entities in the name field of the Category section...
CVE-2019-12299
Sandline Centraleyezer On Premises allows Stored XSS using HTML entities in the name field of the Category section...
CVE-2019-12299
The connected records confirm a Stored XSS vulnerability in Sandline Centraleyezer (On Premises) affecting the Category section’s name field. Root cause: lack of proper validation of client-side data (HTML entities). Impact: client-side code execution. No version-specific affected components or p...