450 matches found
CVE-2024-53987
A cross-site scripting (XSS) vulnerability was found in certain configurations of rails-html-sanitizer. This issue may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicit...
UBUNTU-CVE-2024-53988
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
Cross-site Scripting (XSS)
Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the configuration of HTML5 sanitization and overridden sanitizer's allowed tags. An attacker can inject malicious content by exploiting the allowe...
CVE-2024-53985 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri 1.15.7, or 1.16.x 1.16.8. The XSS vulnerability with certain...
CVE-2024-53987
CVE-2024-53987 concerns Rails HTML Sanitizer. A vulnerability arises when Rails::HTML::Sanitizer 1.6.0 is used with Rails >= 7.1.0 and HTML5 sanitization is enabled while an overridden allowed-tags set explicitly includes the element but excludes or . This configuration could allow an attack...
CVE-2024-53987
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53986 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53986
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
GHSA-8FH4-942R-JF2G LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the...
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users'...
GHSA-P66Q-PPWR-Q5J8 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwriteip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is...
Cross-Site Scripting (XSS)
Apache Syncope is vulnerable to Cross-site scripting (XSS). The vulnerability is due to improper handling of HTML sanitization in the Syncope Console, which allows incomplete HTML tags to go unchecked and permits the injection of stored XSS payloads that can affect other users within the applicatio...
CVE-2024-50581
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag...
CVE-2024-50582
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...
CVE-2024-50581
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag...
CVE-2024-50582
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...
CVE-2024-50582
In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...
CVE-2024-50582
JetBrains YouTrack before 2024.3.47707 is affected by a stored XSS flaw caused by improper HTML sanitization in markdown elements. This allows injected HTML/JS to persist in pages. Remediation per vendor guidance is to update to 2024.3.47707 or later; exploit details are not provided in the docum...
CVE-2024-50581
In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag...
CVE-2024-50581
CVE-2024-50581 affects JetBrains YouTrack before 2024.3.47707. The root cause is improper HTML sanitization, enabling cross-site scripting via a comment tag. Affected software is YouTrack (JetBrains). Impact is XSS under user interaction, as described in the vendor advisory and related security f...