
27 matches found

OSV
added 2022/03/28 7:15 p.m., 0 views

UBUNTU-CVE-2022-0427

Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...

CVSS 8.8, AI score 6, EPSS 0.00119
Exploits: 1, References: 5
OSV
added 2021/07/19 3:15 p.m., 0 views

UBUNTU-CVE-2021-35043

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &00058 as the replacement for the : character...

CVSS 6.1, AI score 5.8, EPSS 0.00468
Exploits: 0, References: 3
CNNVD
added 2021/07/02 12:0 a.m., 2 views

Zimbra Collaboration Suite cross-site scripting vulnerability

Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in versions prior to Zimbra Collaboration Suite 8.8.15 Patch 23, which can be exploited by an attacker to place HT...

CVSS 5.4, AI score 7, EPSS 0.00739
Exploits: 1, References: 6
RedHat Linux
added 2019/12/09 1:28 p.m., 3 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

CVSS 4.7, AI score 7.4, EPSS 0.01308
Exploits: 0, References: 4
RedHat Linux
added 2019/10/21 7:2 p.m., 3 views

OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)

Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

CVSS 4.7, AI score 7.4, EPSS 0.01308
Exploits: 0, References: 4
OSV
added 2018/03/27 5:29 p.m., 1 views

DEBIAN-CVE-2018-8048

In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...

CVSS 6.1, AI score 7.5, EPSS 0.00689
Exploits: 0, References: 1
Positive Technologies
added 2018/03/21 12:0 a.m., 5 views

PT-2018-18405

Name of the Vulnerable Software and Affected Versions: Loofah versions prior to 2.2.1
Description: The issue allows non-whitelisted HTML attributes to be present in sanitized output when input with specially-crafted HTML fragments. Users are affected when running on MRI or RBX, in combination wit...

CVSS 10, AI score 6.9, EPSS 0.20012
Exploits: 18, References: 87