450 matches found
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run...
CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected...
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run...
Design/Logic Flaw
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run...
Code injection
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected...
CVE-2021-28162
The vulnerability CVE-2021-28162 affects Eclipse Theia
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so JavaScript code can run...
CVE-2021-28161
The CVE-2021-28161 entry concerns Eclipse Theia prior to or including version 1.8.0, where the debug console does not escape HTML. This lack of escaping enables injection of arbitrary JavaScript code through the console, constituting a cross-site scripting risk. The vulnerability is tied to Theia...
CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary JavaScript code can be injected...
Eclipse Theia injection vulnerability
Eclipse Theia is an open source, Visual Studio Code-based framework from the Eclipse Foundation for building integrated development environments for desktop and web applications. An injection vulnerability exists in Eclipse Theia 0.16.0 and earlier versions, which stems from the absence of HTML escaping in...
Eclipse Theia cross-site scripting vulnerability
Eclipse Theia is an open source, Visual Studio Code-based framework from the Eclipse Foundation for building integrated development environments for desktop and web applications. A cross-site scripting vulnerability exists in Eclipse Theia 1.8.0 and prior versions, which stems from the absence of HTML escaping...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
Design/Logic Flaw
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2021-3346
CVE-2021-3346 affects Foris before 101.1.1 as used in Turris OS, where the login template lacks certain HTML escaping. The consequence is a potential vulnerability due to insufficient input escaping in the login flow. The provided documents do not include explicit exploitation details, affected v...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
Debian DLA-2526-1 : ruby-redcarpet security update
In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions, no HTML escaping was being performed when processing quotes. This applies even when the :escape_html option was being used. For Debian 9 stretch, this proble...
[SECURITY] [DLA 2526-1] ruby-redcarpet security update
Debian LTS Advisory DLA-2526-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 15, 2021 https://wiki.debian.org/LTS -...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). This happens because no HTML escaping is being performed when processing quotes. This applies even when the :escape_html option was being used in combination with :quote. Details: Cross-site scripting or XSS is a...
DEBIAN-CVE-2020-26298
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escape_html opti...