272 matches found
Firmanet Business Management System 跨站脚本漏洞
Firmanet Business Management System is a business management system from Firmanet Corporation. A security vulnerability exists in Firmanet Business Management System, which arises from improper neutralization of input during web page generation, allowing XSS Targeting of HTML attributes...
SUSE CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
Mitsubishi Electric GOT2000 Series and GT SoftGOT2000 (CVE-2022-40269)
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265...
CVE-2022-40269
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265...
CVE-2022-40269
Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265...
CVE-2023-22911
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...
CVE-2023-22911
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...
Hardcoded credentials
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...
UBUNTU-CVE-2023-22911
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...
CVE-2023-22911
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...
CVE-2023-22911
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...
CVE-2023-22911
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context...
MediaWiki 跨站脚本漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that stems from E-Widgets making widget substitution...
PT-2023-18771 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.9 MediaWiki versions 1.36.x through 1.38.x before 1.38.5 MediaWiki versions 1.39.x before 1.39.1 Description: An issue in MediaWiki allows for XSS due to E-Widgets performing widget replacement in HTML...
CVE-2022-23543
Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped...
CVE-2022-23543 HTML attributes when attaching a YouTube link to the post
Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped...
CVE-2022-23543 HTML attributes when attaching a YouTube link to the post
Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped...
CVE-2022-23543 HTML attributes when attaching a YouTube link to the post
Silverware Games is a social network where people can play games online. Users can attach URLs to YouTube videos, the site will generate related when the post will be published. The handler has some sort of protection so non-YouTube links can't be posted, as well as HTML tags are being stripped...
CVE-2021-31739
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability XSS, because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address...
SEPPmail 跨站脚本漏洞
SEPPmail is an email encryption and signing solution from the Swiss company SEPPmail. A security vulnerability exists in SEPPmail version 11.1.10, which stems from a cross-site scripting vulnerability XSS in which user input is not properly encoded as HTML attributes when returned by the server...