
546 matches found

Vulnrichment
added 2023/06/05 10:13 p.m. · 10 views

CVE-2023-34103 Stored XSS (Cross Site Scripting) in html content based fields of avo

Avo is an open source ruby on rails admin panel creation framework. In affected versions some avo fields are vulnerable to Cross Site Scripting XSS when rendering html based content. Attackers do need form edit privilege in order to successfully exploit this vulnerability, but the results are...

7.3 CVSS · 5.8 AI score · 0.00733 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/06/05 12:0 a.m. · 3 views

PT-2023-24674 · Avo · Avo

Name of the Vulnerable Software and Affected Versions: Avo affected versions not specified Description: The issue concerns some Avo fields being vulnerable to Cross Site Scripting XSS when rendering HTML-based content. Attackers need form edit privilege to exploit this vulnerability, but the...

7.3 CVSS · 6 AI score · 0.00733 EPSS
Exploits: 1 · References: 10
Redos
added 2023/05/05 12:0 a.m. · 22 views

ROS-20230505-02

The vulnerability in the Mozilla Firefox browser is due to the fact that Mozilla's service desk handles blocking records when downloading updates from an SMB server. Exploitation of the vulnerability could allow an attacker to apply an unsigned update file by pointing the service to an update...

9.8 CVSS · 8.2 AI score · 0.00569 EPSS
Exploits: 0
Redos
added 2023/04/28 12:0 a.m. · 32 views

ROS-20230428-05

A vulnerability in Python Packaging Authority installation tools is related to insufficient input validation when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to pass specially crafted data to an application and perform a denial of service...

5.9 CVSS · 6.1 AI score · 0.00513 EPSS
Exploits: 1
Mageia
added 2023/03/18 10:16 p.m. · 36 views

Updated perl-HTML-StripScripts packages fix security vulnerability

The HTML-StripScripts module through 1.06 for Perl allows hssattvalstyle ReDoS because of catastrophic backtracking for HTML content with certain style attributes. CVE-2023-24038...

7.5 CVSS · 7.5 AI score · 0.00142 EPSS
Exploits: 1 · References: 3
SUSE CVE
added 2023/02/15 4:35 a.m. · 1 views

SUSE CVE-2017-1000389

Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...

6.1 CVSS · 6.1 AI score · 0.00065 EPSS
Exploits: 0 · References: 3
Debian
added 2023/02/05 3:43 p.m. · 21 views

[SECURITY] [DSA 5339-1] libhtml-stripscripts-perl security update

Debian Security Advisory DSA-5339-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 05, 2023 https://www.debian.org/security/faq -...

7.5 CVSS · 7.4 AI score · 0.00142 EPSS
Exploits: 1
NVD
added 2023/01/21 1:15 a.m. · 14 views

CVE-2023-24038

The HTML-StripScripts module through 1.06 for Perl allows hssattvalstyle ReDoS because of catastrophic backtracking for HTML content with certain style attributes...

7.5 CVSS · 7.5 AI score · 0.00142 EPSS
Exploits: 1 · References: 5
OSV
added 2023/01/21 1:15 a.m. · 28 views

CVE-2023-24038

The HTML-StripScripts module through 1.06 for Perl allows hssattvalstyle ReDoS because of catastrophic backtracking for HTML content with certain style attributes...

7.5 CVSS · 7.4 AI score
Exploits: 0 · References: 5
Vulnrichment
added 2023/01/21 12:0 a.m. · 4 views

CVE-2023-24038

The HTML-StripScripts module through 1.06 for Perl allows hssattvalstyle ReDoS because of catastrophic backtracking for HTML content with certain style attributes...

7.1 AI score · 0.00142 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2023/01/17 12:0 a.m. · 1 views

PT-2023-1231 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to a buffer overflow in memory when handling HTML content, which can be exploited by a remote attacker to bypass security restrictions and elevate...

8.3 CVSS · 7.1 AI score · 0.00786 EPSS
Exploits: 0 · References: 8
Positive Technologies
added 2023/01/12 12:0 a.m. · 2 views

PT-2023-1071 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to a buffer overflow in memory when handling HTML content, which can allow a remote attacker to execute arbitrary code. Recommendations: At the...

8.3 CVSS · 7.6 AI score · 0.00607 EPSS
Exploits: 0 · References: 9
Prion
added 2022/12/08 10:15 p.m. · 18 views

Cross site scripting

tinymce is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

5.8 CVSS · 6 AI score · 0.01514 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
CNNVD
added 2022/12/08 12:0 a.m. · 3 views

Tiny Technologies TinyMCE cross-site scripting vulnerability

Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, Inc. Tiny Technologies TinyMCE suffers from a cross-site scripting vulnerability that originates from cross-site scripting that can be achieved when an attacker serves malicious HTML content to its warning and confirmation...

6.1 CVSS · 5.9 AI score · 0.01514 EPSS
Exploits: 0 · References: 9
Veracode
added 2022/11/28 7:21 a.m. · 18 views

Cross-site Scripting (XSS)

spatie/browsershot is vulnerable to cross-site scripting. The vulnerability exists due to the lack of file:// validation in the html content of Browsershot.php which allows a remote attacker to inject and execute malicious JavaScript into the system...

8.2 CVSS · 7.6 AI score · 0.00394 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Github Security Blog
added 2022/11/25 6:30 p.m. · 27 views

Browsershot vulnerable to Cross-Site Scripting (XSS)

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol...

8.2 CVSS · 7.8 AI score · 0.00394 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
OSV
added 2022/11/25 6:30 p.m. · 13 views

GHSA-82H9-V8VH-MFPQ Browsershot vulnerable to Cross-Site Scripting (XSS)

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol...

6.1 CVSS · 8 AI score · 0.00394 EPSS
Exploits: 1 · References: 4
OSV
added 2022/11/25 5:15 p.m. · 14 views

CVE-2022-43983

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol...

8.2 CVSS · 8.1 AI score
Exploits: 0 · References: 2
Vulnrichment
added 2022/11/25 12:0 a.m. · 3 views

CVE-2022-43983 Browsershot 3.57.2 - Server Side XSS to LFR via HTML

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol...

7.8 AI score · 0.00394 EPSS
Exploits: 1 · References: 2
Cvelist
added 2022/11/25 12:0 a.m. · 11 views

CVE-2022-43983 Browsershot 3.57.2 - Server Side XSS to LFR via HTML

Browsershot version 3.57.2 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate that the HTML content passed to the Browsershot::html method does not contain URLs that use the file:// protocol...

8.2 AI score · 0.00394 EPSS
Exploits: 1 · References: 2