272 matches found
OpenJDK: Insufficient filtering of HTML event attributes in Javadoc (Javadoc, 8226765)
Vulnerability in the Java SE product of Oracle Java SE (component: Javadoc). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
Cross-Site Scripting (XSS)
sanitize-html is vulnerable to cross-site scripting (XSS). The opentag function in index.js fails to sanitize HTML attributes when sanitizing HTML tags that have been modified using a custom tag transformation. If an application uses custom tag transformations, and places user input in an HTML...
Joomla! 1.5.x < 3.7.0 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities: - A flaw exists in the JMail API due to PHPMail version information being included in mail headers. An unauthenticated, remote attacker can exploit this to disclose sensitive...
UBUNTU-CVE-2018-3740
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...
Hardcoded credentials
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
DEBIAN-CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
PT-2018-18405
Name of the Vulnerable Software and Affected Versions: Loofah versions prior to 2.2.1. Description: The issue allows non-whitelisted HTML attributes to be present in sanitized output when the input contains specially crafted HTML fragments. Users are affected when running on MRI or RBX, in combination wit...
Joomla! Information Disclosure and XSS Vulnerabilities
Joomla is prone to information disclosure and cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Joomla Core HTML Attributes Cross-Site Scripting Filter Privilege Escalation (CVE-2017-7986)
A privilege escalation vulnerability exists in Joomla Core. Unauthorized remote attackers may leverage this vulnerability to gain administrative access to the vulnerable server...
Joomla! cross-site scripting vulnerability (CNVD-2017-06582)
Joomla! is an open-source, cross-platform content management system (CMS) developed by the U.S.-based Open Source Matters team using PHP and MySQL. A cross-site scripting vulnerability exists in Joomla! versions 1.5.0 through 3.6.5. The vulnerability arises due to insufficient filtering of...
CVE-2017-7986
CVE-2017-7986 affects Joomla! 1.5.0 through 3.6.5; it is caused by inadequate filtering of specific HTML attributes, leading to cross-site scripting in various components. The issue is fixed in 3.7.0. Exploitation details are not provided beyond the XSS description; upgrade to 3.7.0+ to mitigate.