451 matches found

Prion
added 2021/12/20 9:15 a.m. · 14 views

Hardcoded credentials

Gurock TestRail before 7.2.4 mishandles HTML escaping...

CVSS 3.5 · AI score 5.5 · EPSS 0.0059
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2021/12/20 8:28 a.m. · 15 views

CVE-2021-44263

Gurock TestRail before 7.2.4 mishandles HTML escaping...

AI score 5.8 · EPSS 0.0059
Exploits: 1 · References: 2

CVE
added 2021/12/20 8:28 a.m. · 63 views

CVE-2021-44263

CVE-2021-44263 affects Gurock TestRail before 7.2.4. The root cause is improper HTML escaping, leading to a cross-site scripting (XSS) vulnerability in the web-based test case management software. Affected versions prior to 7.2.4 are susceptible; the issue enables injected HTML/JavaScript content...

CVSS 5.4 · AI score 5.5 · EPSS 0.0059
Exploits: 1 · References: 2 · Affected Software: 1

CNNVD
added 2021/12/20 12:00 a.m. · 2 views

Gurock Software Gurock TestRail Cross-Site Scripting Vulnerability

Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A cross-site scripting vulnerability exists in Guro...

CVSS 5.4 · AI score 5.4 · EPSS 0.0059
Exploits: 1 · References: 3

Veracode
added 2021/12/02 12:32 p.m. · 13 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to lack of HTML escaping in poller-groups.inc.php, which allows a malicious attacker to inject and execute arbitrary JavaScript...

CVSS 6.1 · AI score 6 · EPSS 0.00628
Exploits: 1 · References: 2 · Affected Software: 1

Github Security Blog
added 2021/12/01 6:29 p.m. · 26 views

Cross-Site Scripting Vulnerability in @joeattardi/emoji-button

Impact: There are two vectors for XSS attacks with versions of @joeattardi/emoji-button before 4.6.2: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute malicious code. Patches: This vulnerability...

CVSS 7.6 · AI score 1.1 · EPSS 0.01014
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2021/12/01 6:29 p.m. · 17 views

GHSA-F34M-X9PJ-62VQ Cross-Site Scripting Vulnerability in @joeattardi/emoji-button

Impact: There are two vectors for XSS attacks with versions of @joeattardi/emoji-button before 4.6.2: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute malicious code. Patches: This vulnerability...

CVSS 7.6 · AI score 6.3 · EPSS 0.01014
Exploits: 0 · References: 5

OSV
added 2021/11/16 5:04 p.m. · 19 views

GHSA-CQ58-R77C-5JJW Cross-site scripting (XSS) from image block content in the site frontend

Impact: Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend escaping HTML special characters to protect against cross-site scripting (XSS) attacks. Cross-site scripting (XSS) is a type of...

CVSS 5.4 · AI score 6 · EPSS 0.00781
Exploits: 0 · References: 5

Github Security Blog
added 2021/11/08 6:06 p.m. · 43 views

XSS vulnerability in GraphQL Playground from untrusted schemas

GraphQL Playground introspection schema template injection attack. Advisory Statement: This is a security advisory for an XSS vulnerability in graphql-playground. A similar vulnerability affects graphiql, the package from which graphql-playground was forked. There is a corresponding graphiql...

CVSS 7.1 · AI score 5.5 · EPSS 0.01182
Exploits: 0 · References: 6 · Affected Software: 1

Github Security Blog
added 2021/10/14 9:19 p.m. · 47 views

Inconsistent input sanitisation leads to XSS vectors

Background: A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact: OMERO.web before 5.11.0 and OMERO.figure befo...

CVSS 9.8 · AI score 2.1 · EPSS 0.01006
Exploits: 0 · References: 7 · Affected Software: 2

OSV
added 2021/10/14 4:15 p.m. · 14 views

CVE-2021-41132

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 3

Prion
added 2021/10/14 4:15 p.m. · 13 views

Cross site scripting

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 4.3 · AI score 5.8 · EPSS 0.01006
Exploits: 0 · References: 3 · Affected Software: 2

PyPA
added 2021/10/14 4:15 p.m. · 4 views

PYSEC-2021-372

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 9.8 · AI score 6 · EPSS 0.01006
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2021/10/14 4:15 p.m. · 13 views

PYSEC-2021-379

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 9.8 · AI score 2 · EPSS 0.01006
Exploits: 0 · References: 3

OSV
added 2021/10/14 4:15 p.m. · 15 views

PYSEC-2021-372

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 9.8 · AI score 2 · EPSS 0.01006
Exploits: 0 · References: 3

Cvelist
added 2021/10/14 3:45 p.m. · 17 views

CVE-2021-41132 Inconsistent input sanitisation leads to XSS vectors

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 9.8 · AI score 9 · EPSS 0.01006
Exploits: 0 · References: 3

CVE
added 2021/10/14 3:45 p.m. · 82 views

CVE-2021-41132

OMERO.web (web client/infrastructure) is vulnerable in versions before 5.11.0 due to improper HTML escaping in multiple templates and the use of jQuery.html(), enabling cross-site scripting (XSS) with crafted input. The issue affects OMERO.web before 5.11.0 (and related components per advisories)...

CVSS 9.8 · AI score 6.1 · EPSS 0.01006
Exploits: 0 · References: 3 · Affected Software: 2

OSV
added 2021/09/27 5:15 p.m. · 1 view

UBUNTU-CVE-2021-23445

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...

CVSS 6.1 · AI score 6.2 · EPSS 0.01837
Exploits: 1 · References: 7

Node.js
added 2021/08/10 4:10 p.m. · 72 views

Cross-Site Scripting (XSS)

Overview: In affected versions of video.js, the src attribute of the track tag allows bypassing HTML escaping and executing arbitrary code. Recommendation: Upgrade to version 7.14.3 or later. References: CVE, GitHub Advisory...

CVSS 4.3 · AI score 4.1 · EPSS 0.02587
Exploits: 1 · Affected Software: 1

Github Security Blog
added 2021/08/10 4:09 p.m. · 49 views

Cross-site Scripting in video.js

This affects the package video.js before 7.14.3. The src attribute of the track tag allows bypassing HTML escaping and executing arbitrary code...

CVSS 6.5 · AI score 2.6 · EPSS 0.02587
Exploits: 1 · References: 9 · Affected Software: 1