450 matches found

RedhatCVE
added 2024/12/02 10:51 p.m. | 20 views

CVE-2024-53987

A cross-site scripting (XSS) vulnerability was found in certain configurations of rails-html-sanitizer. This issue may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicit...

CVSS 3.1 | AI score 5.5 | EPSS 0.00435
Exploits 0 | References 5
OSV
added 2024/12/02 10:15 p.m. | 2 views

UBUNTU-CVE-2024-53988

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVSS 6.1 | AI score 7.3 | EPSS 0.00435
Exploits 0 | References 4
Snyk
added 2024/12/02 9:48 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the configuration of HTML5 sanitization and overridden sanitizer's allowed tags. An attacker can inject malicious content by exploiting the allowe...

CVSS 6.1 | AI score 5.3 | EPSS 0.00581
Exploits 0 | References 2
Vulnrichment
added 2024/12/02 9:15 p.m. | 13 views

CVE-2024-53985 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0 and Nokogiri 1.15.7, or 1.16.x 1.16.8. The XSS vulnerability with certain...

CVSS 2.3 | AI score 5.7 | EPSS 0.00581
Exploits 0 | References 3
CVE
added 2024/12/02 9:15 p.m. | 120 views

CVE-2024-53987

CVE-2024-53987 concerns Rails HTML Sanitizer. A vulnerability arises when Rails::HTML::Sanitizer 1.6.0 is used with Rails >= 7.1.0 and HTML5 sanitization is enabled while an overridden allowed-tags set explicitly includes the element but excludes or . This configuration could allow an attack...

CVSS 6.1 | AI score 5.6 | EPSS 0.00435
Exploits 0 | References 2 | Affected Software 1
Debian CVE
added 2024/12/02 9:15 p.m. | 6 views

CVE-2024-53987

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVSS 6.1 | AI score 4.5 | EPSS 0.00435
Exploits 0
OSV
added 2024/12/02 9:13 p.m. | 11 views

CVE-2024-53986 Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVSS 2.3 | AI score 5.5 | EPSS 0.00462
Exploits 0 | References 4
Debian CVE
added 2024/12/02 9:13 p.m. | 11 views

CVE-2024-53986

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails = 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...

CVSS 6.1 | AI score 4.5 | EPSS 0.00462
Exploits 0
OSV
added 2024/11/15 8:48 p.m. | 8 views

GHSA-8FH4-942R-JF2G LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the...

CVSS 7.5 | AI score 5.3 | EPSS 0.00449
Exploits 1 | References 4
Github Security Blog
added 2024/11/15 3:46 p.m. | 16 views

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users'...

CVSS 5.4 | AI score 5.2 | EPSS 0.00396
Exploits 1 | References 4 | Affected Software 1
OSV
added 2024/11/15 3:44 p.m. | 10 views

GHSA-P66Q-PPWR-Q5J8 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php

Summary: A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwriteip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is...

CVSS 7.5 | AI score 5.2 | EPSS 0.00396
Exploits 1 | References 4
Veracode
added 2024/11/04 5:37 a.m. | 11 views

Cross-Site Scripting (XSS)

Apache Syncope is vulnerable to Cross-site scripting (XSS). The vulnerability is due to improper handling of HTML sanitization in the Syncope Console, which allows incomplete HTML tags to go unchecked and permits the injection of stored XSS payloads that can affect other users within the applicatio...

CVSS 6.1 | AI score 5.6 | EPSS 0.0061
Exploits 0 | References 5 | Affected Software 2
NVD
added 2024/10/28 1:15 p.m. | 18 views

CVE-2024-50581

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag...

CVSS 5.4 | EPSS 0.00292
Exploits 0 | References 1
NVD
added 2024/10/28 1:15 p.m. | 15 views

CVE-2024-50582

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...

CVSS 5.4 | EPSS 0.00292
Exploits 0 | References 1
OSV
added 2024/10/28 1:15 p.m. | 3 views

CVE-2024-50581

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1
Cvelist
added 2024/10/28 12:55 p.m. | 20 views

CVE-2024-50582

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...

CVSS 4.6 | EPSS 0.00292
Exploits 0 | References 1
Vulnrichment
added 2024/10/28 12:55 p.m. | 10 views

CVE-2024-50582

In JetBrains YouTrack before 2024.3.47707 stored XSS was possible due to improper HTML sanitization in markdown elements...

CVSS 4.6 | AI score 4.4 | EPSS 0.00292
Exploits 0 | References 1
CVE
added 2024/10/28 12:55 p.m. | 76 views

CVE-2024-50582

JetBrains YouTrack before 2024.3.47707 is affected by a stored XSS flaw caused by improper HTML sanitization in markdown elements. This allows injected HTML/JS to persist in pages. Remediation per vendor guidance is to update to 2024.3.47707 or later; exploit details are not provided in the docum...

CVSS 5.4 | AI score 5.8 | EPSS 0.00292
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/10/28 12:55 p.m. | 18 views

CVE-2024-50581

In JetBrains YouTrack before 2024.3.47707 improper HTML sanitization could lead to XSS attack via comment tag...

CVSS 4.6 | EPSS 0.00292
Exploits 0 | References 1
CVE
added 2024/10/28 12:55 p.m. | 75 views

CVE-2024-50581

CVE-2024-50581 affects JetBrains YouTrack before 2024.3.47707. The root cause is improper HTML sanitization, enabling cross-site scripting via a comment tag. Affected software is YouTrack (JetBrains). Impact is XSS under user interaction, as described in the vendor advisory and related security f...

CVSS 5.4 | AI score 6 | EPSS 0.00292
Exploits 0 | References 1 | Affected Software 1