185 matches found
CVE-2021-36793
The routes (aka Extbase Yaml Routes) extension before 2.1.1 for TYPO3, when CsrfTokenViewHelper is used, allows Sensitive Information Disclosure because a session identifier is unsafely present in HTML output...
CVE-2021-36793
The CVE-2021-36793 issue affects TYPO3's Extbase Yaml Routes extension (pre-2.1.1). When CsrfTokenViewHelper is used, a session identifier is unsafely present in HTML output, enabling information disclosure. The vulnerability is documented with NVD metrics: CVSS v3.1 base score 7.5 (HIGH) and CVS...
Sensitive Information Disclosure in “Extbase Yaml Routes” (routes)
When the CsrfTokenViewHelper is used, the extension writes the user's session identifier into the HTML output as-is, without first passing it through a cryptographic hash. This vulnerability cannot be exploited directly; it becomes useful only as part of a chained attack, for instance Cross Site...
CVE-2021-35043
OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character...
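The AntiSamy entry above is the classic attribute-encoding bypass: the filter inspects the raw attribute text, but the browser decodes character references in attribute values before it resolves the URL, so a `:` written as `&#00058` is invisible to the filter and visible to the browser. The following is an added example, not AntiSamy's code, contrasting a naive raw-text scheme check with one that decodes references and normalises the value first. The scheme allowlist and the small named-reference table are assumptions made for the example.

```javascript
// Added example, not AntiSamy's code. Shows why a URL-scheme check on an
// href/src attribute must run on the *decoded* attribute value: HTML parsers
// decode character references in attribute values before the URL is resolved,
// so "javascript&#00058alert(1)" navigates to javascript:alert(1) although the
// raw attribute text never contains a ":" character.
// The allowlist and the named-reference table below are assumptions.

const NAMED_REFS = { colon: ':', lt: '<', gt: '>', amp: '&', quot: '"', apos: "'", Tab: '\t', NewLine: '\n' };

// Decode numeric (decimal and hex, leading zeros allowed, semicolon optional)
// and a few named character references in one pass, as a parser would for an
// attribute value. One pass means "&amp;#58;" becomes "&#58;", not ":".
function decodeEntities(value) {
  return value.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));?/gi, (match, hex, dec, name) => {
    if (hex || dec) {
      const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
      return cp > 0x10ffff ? '\uFFFD' : String.fromCodePoint(cp);
    }
    return Object.prototype.hasOwnProperty.call(NAMED_REFS, name) ? NAMED_REFS[name] : match;
  });
}

// Naive filter: looks for a blocked scheme in the raw attribute text.
// Passes "javascript&#00058alert(1)" because it never sees a ":".
const BLOCKED_SCHEMES = ['javascript', 'vbscript', 'data'];
function naiveHrefAllowed(raw) {
  const idx = raw.indexOf(':');
  if (idx < 0) return true;
  return !BLOCKED_SCHEMES.includes(raw.slice(0, idx).trim().toLowerCase());
}

// Hardened filter: decode references, normalise the way URL parsing does
// (tab/CR/LF stripped anywhere, leading C0 controls and spaces dropped),
// then allow only an explicit set of schemes.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
function hardenedHrefAllowed(raw) {
  const url = decodeEntities(raw).replace(/[\t\n\r]/g, '').replace(/^[\x00-\x20]+/, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(url);
  if (!m) return true; // no scheme: relative URL
  return ALLOWED_SCHEMES.includes(m[1].toLowerCase());
}
```

The check is an allowlist on purpose: a denylist of bad schemes has to anticipate every encoding and whitespace trick, whereas an allowlist only has to recognise the few schemes the application actually needs. In a real sanitizer the decoding step should be the same one the serializer uses, so that what is checked is exactly what is emitted.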
CVE-2020-25817
SilverStripe through 4.6.0-rc1 has an XXE vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user-submitted data in custom...
Oracle E-Business Suite iStore Information Disclosure (CVE-2021-2182)
An information disclosure vulnerability exists in the iStore component in Oracle E-Business Suite. The vulnerability is due to the use of untrusted user input from requests when constructing HTML output in the JSP that handles updating of user personal information...
Joomla! information disclosure vulnerability (CNVD-2021-01570)
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An information disclosure vulnerability exists in Joomla! 2.5.0-3.9.22. The...
CVE-2020-35611
An issue was discovered in Joomla! 2.5.0 through 3.9.22. The global configuration page does not remove secrets from the HTML output, disclosing the current values...
CVE-2020-35611
CVE-2020-35611 affects Joomla! 2.5.0 through 3.9.22. The global configuration page writes the current secret values into the page's HTML output instead of masking them. Impact is disclosure of sensitive configuration data to anyone who can view that page or its source. Remediation: update to a version that removes secrets from the HTM...
PT-2020-6677 · MediaWiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.1. Description: The issue exists because page markup is not protected when Html::rawElement and Message::text are combined: rawElement emits its content unescaped, and text returns the message without HTML escaping. This can be exploited by a remote...
Cross-site Scripting (XSS)
phpoffice/phpspreadsheet is vulnerable to cross-site scripting (XSS). The vulnerability is triggered when HTML output is generated from an Excel cell that carries a comment: the comment text is concatenated into the link markup without escaping...
CVE-2020-7776 Cross-site Scripting (XSS)
This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating HTML output from an Excel file in which a comment has been added to any cell. The root cause is in the HTML writer, where user comments are concatenated into the link markup, and this is...
Joomla 1.7.x < 3.9.23 Multiple Vulnerabilities (5828-joomla-3-9-23)
According to its self-reported version, the instance of Joomla! running on the remote web server is 1.7.x prior to 3.9.23. It is, therefore, affected by multiple vulnerabilities. - The autosuggestion feature of com_finder did not respect the access level of the corresponding terms. - The global...
Cross-site Scripting (XSS)
Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The library is vulnerable to XSS when creating HTML output from an Excel file by adding a comment o...
[20201102] - Core - Disclosure of secrets in Global Configuration page
The global configuration page does not remove secrets from the HTML output, disclosing the current values...
Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious markdown files. Recommendation: No fix is currently available. Consider...
Cross-site Scripting (XSS)
mysql is vulnerable to cross-site scripting (XSS). The vulnerability is an insufficient HTML-entity quoting flaw in the mysql command line client's HTML output mode. If an attacker was able to inject arbitrary HTML tags into data stored in a MySQL database, which was later...
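The PhpSpreadsheet and mysql client entries above share one root cause: a string that originated in a database cell or a cell comment is concatenated straight into HTML, once into a text node (a table cell) and once into an attribute value (a link). The added example below, which is not the mysql client's or PhpSpreadsheet's code, shows the vulnerable concatenation beside the encoded form for both contexts. The `<TABLE BORDER=1>` layout mirrors what `mysql --html` prints; the link shape and the sample rows and comment are constructed for the example.

```javascript
// Added example, not the mysql client's or PhpSpreadsheet's code. Both
// advisories have the same root cause: a string from a database cell or a
// cell comment is concatenated into HTML verbatim. The fix is to encode for
// the output context (text node or attribute value) at the point of
// concatenation. The link shape below is an assumption standing in for the
// spreadsheet writer's cell link.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

// Encode the five characters that can break out of a text node or out of a
// double- or single-quoted attribute value. Safe for both contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Render result rows as an HTML table in the style of `mysql --html`.
// escape=false reproduces the vulnerable behaviour (cell text inserted
// verbatim); the default encodes every cell.
function renderTable(rows, { escape = true } = {}) {
  const enc = escape ? escapeHtml : String;
  const body = rows
    .map((row) => '<TR>' + row.map((cell) => `<TD>${enc(cell)}</TD>`).join('') + '</TR>')
    .join('');
  return `<TABLE BORDER=1>${body}</TABLE>`;
}

// Render a cell hyperlink whose title attribute carries the user comment.
// Attribute values need the same encoding: otherwise a comment containing a
// double quote closes the attribute and injects new ones.
function renderCellLink(href, comment) {
  return `<a href="${escapeHtml(href)}" title="${escapeHtml(comment)}">A1</a>`;
}

// Constructed sample data standing in for database rows and a cell comment.
const SAMPLE_ROWS = [
  ['id', 'name'],
  ['1', '<script>alert(document.cookie)</script>'],
];
const SAMPLE_COMMENT = '" onmouseover="alert(1)';
```

Encoding makes the value inert in its context, no more. An attacker-controlled `href` that is correctly encoded still navigates wherever it says, so the scheme of a link target has to be validated separately from the encoding of its characters.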
CVE-2020-0872
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'...