Chaturbate: Camo Image Proxy Bypass with CSS Escape Sequences
Summary With CSS escape sequences it is possible to bypass CSS url detection and filtering. Details Users can use HTML tags in their Profile Bio in About Me and Wish List fields. Among other filtering and sanitization, image URLs are replaced by URLs on an internal image proxy. For example, this...
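The bypass class this report describes, shown as an added example that is not code from the report or from the site: a url() rewriter that only looks for the literal text `url(` misses the equivalent escaped spellings a browser accepts, and normalizing CSS escapes before matching closes that gap. The proxy endpoint, the attacker host and the sample stylesheets are constructed for illustration.

```javascript
// Added example (not code from the report): why a CSS url() filter must
// decode CSS escape sequences before it matches. The proxy endpoint and
// the sample stylesheets below are constructed for illustration.

const PROXY = 'https://camo.example.invalid/?url='; // hypothetical image-proxy endpoint

// The pattern a naive sanitizer looks for: a literal url( ... ) token.
const URL_RE = /url\(\s*(['"]?)([^'")]+)\1\s*\)/gi;

// Vulnerable: rewrites only literal "url(" occurrences. Browsers also accept
// "\75rl(", "\75 rl(" and "\u\r\l(", none of which this regex ever sees.
function naiveProxify(css) {
  return css.replace(URL_RE, (m, q, target) => `url(${PROXY}${encodeURIComponent(target)})`);
}

// CSS escape rules (CSS Syntax Level 3): "\" + 1-6 hex digits + one optional
// whitespace char is a code point; "\" + any other non-newline char is that char.
// Zero, surrogates and code points above U+10FFFF decode to U+FFFD.
function decodeCssEscapes(css) {
  return css.replace(/\\([0-9a-fA-F]{1,6})\s?|\\([^\n\r\f])/g, (m, hex, ch) => {
    if (hex === undefined) return ch;
    let cp = parseInt(hex, 16);
    if (cp === 0 || (cp >= 0xd800 && cp <= 0xdfff) || cp > 0x10ffff) cp = 0xfffd;
    return String.fromCodePoint(cp);
  });
}

// Hardened: normalize escapes first so the matcher sees what the browser sees.
function proxifyUserCss(css) {
  return naiveProxify(decodeCssEscapes(css));
}

// Constructed sample bio styles: one plain, three using escape sequences.
const SAMPLES = {
  plain:   'background: url(http://attacker.example/track.png)',
  hexEsc:  'background: \\75rl(http://attacker.example/track.png)',
  hexWs:   'background: \\75 rl(http://attacker.example/track.png)',
  charEsc: 'background: \\u\\r\\l(http://attacker.example/track.png)',
};

// True when the stylesheet, as a browser would read it, still loads the
// image straight from the attacker host instead of through the proxy.
function leaksDirectUrl(css) {
  return /url\(\s*['"]?http:\/\/attacker\.example/i.test(decodeCssEscapes(css));
}
```

Decoding the whole stylesheet is only illustrative: it also decodes escapes inside strings (a `\"` inside a quoted value, for instance), so a production filter should either reject any backslash in user-supplied CSS outright or run a real CSS tokenizer and inspect url tokens and url() functions after tokenization. The same normalization has to cover every URL-bearing construct, not just url(): image-set(), src() and @import take URLs too.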
CVE-2019-14961
JetBrains Upsource before 2019.1.1412 was not properly escaping HTML tags in a code block comments, leading to XSS...
CVE-2019-14961
JetBrains Upsource prior to 2019.1.1412 is affected by a Cross-Site Scripting (XSS) vulnerability due to insufficient escaping of HTML tags in code block comments. The issue is documented across multiple sources (e.g., CVE-2019-14961, JetBrains Security Bulletin Q2 2019) and is reso...
GitLab: Cross-site Scripting (XSS) - Stored in RDoc wiki pages
Summary When creating an RDoc wiki page it's possible to use a large number of HTML tags and attributes that are normally sanitized, when creating a linkable image of the format link. For example it is possible to specify a class attribute when creating an image link: rdoc a will generate the...
Nextcloud: Some HTML Tags are Getting Executed in com.nextcloud.client
What is the Vulnerability? HTML tags such as , , and are getting executed in the Nextcloud client mobile application for Android, which can then result in code injection. Reproduction Steps 1. Using the Nextcloud client mobile app on Android, rename a folder to test. Our HTML tag was executed F518303...
Easy Breadcrumb - Critical - Cross Site Scripting - SA-CONTRIB-2019-053
This module enables you to use the current URL path alias and the current page's title to automatically extract the breadcrumb's segments and its respective links then show them as breadcrumbs on your website. The module doesn't sufficiently sanitise user input in certain circumstances. This...
The vulnerability in the eLearning Server 4G system management and development framework lies in the lack of checks on input data for HTML tags. This allows attackers to alter settings in users' personal dashboards or execute arbitrary code.
The vulnerability in the eLearning Server 4G system management and development framework lies in the lack of checks on input data for the presence of HTML tags, including a tag containing JavaScript code. Exploiting this vulnerability could allow an attacker to modify the settings of a user's...
CVE-2018-13375
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send a DHCP request containing malicious scripts in the HOSTNAME parameter. The malicious script code is executed while viewing the logs in...
CVE-2018-13375
CVE-2018-13375 is an XSS-style vulnerability in Fortinet products where FortiAnalyzer 5.6.0 and earlier and FortiManager 5.6.0 and earlier fail to properly neutralize script-related HTML tags in the DHCP HOSTNAME parameter. An attacker can inject malicious scripts via a DHCP request, and the scri...
CVE-2018-5124
Unsanitized output in the browser UI leaves HTML tags in place and can result in arbitrary code execution in Firefox before version 58.0.1...
Cross-Site Scripting in react-dom
Affected versions of react-dom are vulnerable to cross-site scripting (XSS). The package fails to validate attribute names in HTML tags, which may lead to cross-site scripting in specific scenarios. This may allow attackers to execute arbitrary JavaScript in the victim's browser. To be affected by...
CVE-2018-16096
In System Management Module SMM versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting...
Cross-Site Scripting
Overview Versions of exceljs before 1.6.0 are vulnerable to cross-site scripting. The vulnerability exists because exceljs does not validate data from a parsed XLSX file and allows HTML tags, like , to be embedded directly in sheet cells. Because of this it's possible to inject malicious JavaScript code...
Shopify: Stored xss
Description : WAF cuts HTML tags but when put before tags we can bypass it : . Steps to reproduce : 1-Open your store account 2-Navigate to https://xxx.myshopify.com/admin/settings/general 3-Put your street address xss payload xss" 4-Go to https://xxx.myshopify.com/admin/dashboards/live 5-XSS ale...
DEBIAN-CVE-2017-15705
A denial of service vulnerability was identified that exists in Apache SpamAssassin before 3.4.2. The vulnerability arises with certain unclosed tags in emails that cause markup to be handled incorrectly, leading to scan timeouts. In Apache SpamAssassin, using HTML::Parser, we set up an object and...
Cross site scripting
A flaw was found in foreman 1.5.1. The remote execution plugin runs commands on hosts over SSH from the Foreman web UI. When a job is submitted that contains HTML tags, the console output shown in the web UI does not escape the output, causing any HTML or JavaScript to run in the user's browser. T...
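The Fortinet DHCP HOSTNAME entry, the exceljs cell entry and this Foreman console-output entry are one bug pattern: text an attacker controls (a hostname, a spreadsheet cell, a job's stdout) is written into a web page as-is. The following is an added example, not code from any of those projects or advisories, showing the vulnerable rendering beside the hardened one and a check a reviewer can run over rendered output. Every record in it is constructed sample data, not captured from any product.

```javascript
// Added example (not code from any advisory listed here): the common bug in the
// Fortinet DHCP-hostname, exceljs cell and Foreman console-output findings is
// attacker-controlled text written into a web UI without output encoding.
// All records below are constructed samples, not captured data.

const RECORDS = [
  // A DHCP client's hostname as a log viewer would display it (constructed)
  { source: 'dhcp',    field: 'hostname', value: '<script>alert(document.domain)</script>' },
  // A spreadsheet cell read from an uploaded workbook (constructed)
  { source: 'xlsx',    field: 'A1',       value: '<img src=x onerror=alert(1)>' },
  // Console output returned by a remote job; note the attribute breakout (constructed)
  { source: 'ssh-job', field: 'stdout',   value: 'done"><svg onload=alert(1)>' },
];

// Vulnerable: interpolates the raw value into both text and attribute context.
function renderRowUnsafe(r) {
  return `<tr><td>${r.source}</td><td>${r.field}</td>` +
         `<td title="${r.value}">${r.value}</td></tr>`;
}

// Encodes the five characters HTML assigns meaning to. Sufficient for text
// content and double-quoted attribute values; not for href/src, inline JS or CSS.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Hardened: every interpolated value goes through the encoder, including the
// fields that "should" be safe. Escape at the sink; keep the raw log line stored.
function renderRowSafe(r) {
  const v = escapeHtml(r.value);
  return `<tr><td>${escapeHtml(r.source)}</td><td>${escapeHtml(r.field)}</td>` +
         `<td title="${v}">${v}</td></tr>`;
}

function renderTable(records, renderRow) {
  return `<table>${records.map(renderRow).join('')}</table>`;
}

// Review check: collect every tag name that appears as live markup in the output.
function tagNames(html) {
  const names = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9-]*)/g)) names.add(m[1].toLowerCase());
  return [...names];
}

// Anything other than the table's own structure came from untrusted data.
function foreignTags(html) {
  const own = new Set(['table', 'tr', 'td']);
  return tagNames(html).filter(t => !own.has(t)).sort();
}

// foreignTags(renderTable(RECORDS, renderRowUnsafe)) -> ['img', 'script', 'svg']
// foreignTags(renderTable(RECORDS, renderRowSafe))   -> []
```

Two points follow from the record set. First, the fix belongs at the rendering sink, not at ingestion: a log collector that strips or alters a DHCP hostname destroys forensic evidence, while a viewer that encodes it loses nothing. Second, escaping is context-specific; the encoder above is correct for element text and quoted attribute values, which is where these three findings sit, but a value placed into an href, a script block or a style attribute needs the encoding for that context, and templating engines that auto-escape by default remove the chance to forget.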