Lucene search

60 matches found
Cvelist
added 2021/09/27 4:35 p.m.

CVE-2021-23445 Cross-site Scripting (XSS)

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...

CVSS 3.1, AI score 6.7, EPSS 0.01837
Exploits: 1, References: 7
CVE
added 2021/09/27 4:35 p.m.

CVE-2021-23445

CVE-2021-23445 affects datatables.net prior to 1.11.3, where passing an array to the HTML escape entities function could leave contents unescaped, enabling potential XSS. Public references confirm the flaw exists in the package and that upgrading to 1.11.3 fixes the issue (e.g., DataTables releas...

CVSS 6.1, AI score 5.4, EPSS 0.01837
Exploits: 1, References: 7, Affected Software: 1
Debian CVE
added 2021/09/27 4:35 p.m.

CVE-2021-23445

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...

CVSS 6.1, AI score 5, EPSS 0.01837
Exploits: 1
ATTACKERKB
added 2021/09/27 4:31 p.m.

CVE-2021-23445

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...

CVSS 6.1, AI score 5.3, EPSS 0.01837
Exploits: 1, References: 8
CVE
added 2020/12/18 7:42 a.m.

CVE-2020-35479

CVE-2020-35479 affects MediaWiki prior to 1.35.1. The vulnerability is due to XSS through BlockLogFormatter.php, caused by Language::translateBlockExpiry not escaping in all code paths (e.g., Language::userTimeAndDate returns HTML-unsafe month values). Affected versions include MediaWiki 1.12.0 a...

CVSS 6.1, AI score 6.3, EPSS 0.01476
Exploits: 1, References: 5, Affected Software: 1
NVD
added 2020/09/27 9:15 p.m.

CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

CVSS 6.1, EPSS 0.01089
Exploits: 0, References: 4
Friends Of PHP
added 2020/09/24 1:26 a.m.

Non-jqueryMsg version of mw.message(…).parse() doesn't escape HTML

More info at https://phabricator.wikimedia.org/T115888...

CVSS 6.1, AI score 7.2, EPSS 0.01089
Exploits: 0, Affected Software: 1
Prion
added 2019/08/27 6:15 p.m.

Code injection

public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text...

CVSS 4.3, AI score 6.2, EPSS 0.00875
Exploits: 1, References: 1, Affected Software: 1
OpenVAS
added 2019/01/29 12:00 a.m.

Discourse < 2.2.0.beta8 Missing HTML Escape Vulnerability

Discourse is prone to a vulnerability where the title HTML for inline oneboxes is not escaped...

AI score 7.1
Exploits: 0, References: 2
OSV
added 2018/04/12 4:29 p.m.

UBUNTU-CVE-2018-10061

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used)...

CVSS 5.4, AI score 6.4, EPSS 0.01051
Exploits: 1, References: 3
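The datatables.net entries above (an escaper that hands non-string input, such as an array, back untouched) and the Cacti entry (htmlspecialchars called without ENT_QUOTES, so single quotes survive) describe two distinct ways an HTML escaper can fail open. The block below is an added, constructed JavaScript example; it is not code from DataTables, Cacti or any other project in this listing. The names naiveEscape, escapeHtml, renderCell, renderTitleAttr, leaksMarkup and demo, and both sample payloads, are hypothetical. It places a naive escaper carrying both defects beside a hardened one that escapes all five significant characters and recurses into arrays, and renders each into a table cell and a single-quoted attribute so the difference is visible in the output.

```javascript
// Added, constructed example: not DataTables', Cacti's or any listed project's
// own code. Function names and sample payloads are hypothetical.

// Naive escaper with the two defects the listings describe.
// Defect 1 (analogue of the datatables.net flaw): a non-string value such as an
// array is returned as-is, so its elements reach the markup unescaped once
// string coercion joins them.
// Defect 2 (analogue of the Cacti flaw): the single quote is not escaped, which
// is fatal inside a single-quoted attribute.
function naiveEscape(value) {
  return typeof value === 'string'
    ? value
        .replace(/&/g, '&amp;')
        .replace(/</g, '&lt;')
        .replace(/>/g, '&gt;')
        .replace(/"/g, '&quot;')
    : value;
}

// Hardened escaper: every character that can change HTML context is replaced,
// arrays are escaped element by element, null/undefined become the empty
// string, and other scalars are coerced to strings before escaping.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  if (Array.isArray(value)) {
    return value.map(escapeHtml);
  }
  if (value === null || value === undefined) {
    return '';
  }
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Renders a table cell the way a client-side table library might: run the
// escaper, then concatenate the result into markup. An array is coerced by
// Array.prototype.toString, i.e. joined with commas.
function renderCell(escaper, value) {
  return '<td>' + escaper(value) + '</td>';
}

// Renders a single-quoted attribute, the context where an unescaped single
// quote lets the value close the attribute and append an event handler.
function renderTitleAttr(escaper, value) {
  return "<span title='" + escaper(value) + "'>x</span>";
}

// Crude detector for the constructed payloads: true if live markup or a
// broken-out event-handler attribute survived rendering.
function leaksMarkup(html) {
  return /<img\b|'\s*onmouseover=/i.test(html);
}

// Constructed payloads, one per defect.
const ARRAY_PAYLOAD = ['<img src=x onerror=alert(1)>'];
const QUOTE_PAYLOAD = "' onmouseover='alert(1)";

// Renders both payloads through both escapers and returns the four results.
function demo() {
  return {
    naiveCell: renderCell(naiveEscape, ARRAY_PAYLOAD),
    safeCell: renderCell(escapeHtml, ARRAY_PAYLOAD),
    naiveAttr: renderTitleAttr(naiveEscape, QUOTE_PAYLOAD),
    safeAttr: renderTitleAttr(escapeHtml, QUOTE_PAYLOAD),
  };
}

console.log(demo());
```

Running the block prints the four renderings: the naive cell contains the raw `<img ... onerror=...>` tag and the naive attribute reads `title='' onmouseover='alert(1)'`, while the hardened versions carry only entities. The array case is the one most escapers get wrong: a `typeof value === 'string'` guard looks like defensive coding but is exactly what lets non-string input bypass the escape, so the safe version escapes after coercion rather than skipping it.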
Tenable Nessus
added 2014/06/13 12:00 a.m.

openSUSE Security Update : mumble (openSUSE-SU-2014:0706-1)

mumble was updated to fix two security issues. - The Mumble client did not properly HTML-escape some external strings before using them in a rich-text HTML context (CVE-2014-3756). - SVG images with local file references could trigger client DoS (CVE-2014-3755)...

CVSS 5, AI score 5.3, EPSS 0.02521
Exploits: 1, References: 5
Mageia
added 2014/05/30 7:47 a.m.

Updated mumble packages fix two security vulnerabilities

Updated mumble packages fix security vulnerabilities: In Mumble before 1.2.6, the Mumble client is vulnerable to a Denial of Service attack when rendering crafted SVG files that contain references to files on the local computer, due to an issue in Qt's SVG renderer module. This issue can be...

CVSS 5, AI score 6, EPSS 0.02521
Exploits: 1, References: 4
Tenable Nessus
added 2014/05/30 12:00 a.m.

FreeBSD : mumble -- multiple vulnerabilities (77e2e631-e742-11e3-9a25-5404a6a6412c)

Mumble reports: SVG images with local file references could trigger client DoS. The Mumble client did not properly HTML-escape some external strings before using them in a rich-text HTML context...

AI score 5.3
Exploits: 0, References: 3
securityvulns
added 2014/05/15 12:00 a.m.

[oss-security] Mumble 1.2.6: Mumble-SA-2014-005 and Mumble-SA-2014-006

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi oss-security, The Mumble team has just released Mumble 1.2.6, which contains fixes for the two following vulnerabilities: Mumble-SA-2014-005 http://mumble.info/security/Mumble-SA-2014-005.txt - SVG images with local file references could trigger...

AI score 6.8
Exploits: 0
Amazon
added 2013/11/05 12:00 a.m.

Important: java-1.6.0-openjdk

Issue Overview: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual...

CVSS 10, AI score 9, EPSS 0.24738
Exploits: 0, References: 1
RedHat Linux
added 2013/10/22 5:13 p.m.

Critical: Red Hat Security Advisory: java-1.7.0-openjdk security update

Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS 10, AI score 6.9, EPSS 0.24738
Exploits: 0, References: 30
Drupal
added 2013/01/30 12:00 a.m.

SA-CONTRIB-2013-013 - Boxes - Cross site scripting (XSS)

The subject field for the included simple box doesn't escape HTML properly. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to administer/edit boxes. Wikipedia has more information about cross site scripting (XSS). CVE identifiers issued: CVE-2013-02...

CVSS 2.1, AI score 5.5, EPSS 0.00941
Exploits: 0, References: 10
RedHat Linux
added 2008/07/02 12:37 p.m.

Firefox file location escaping flaw

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename...

CVSS 4.3, AI score 5.8, EPSS 0.01349
Exploits: 1, References: 4
Mozilla
added 2008/07/01 12:00 a.m.

File location URL in directory listings not escaped properly — Mozilla

Mozilla contributor Masahiro Yamada reported that file URLs in directory listings were not being HTML escaped properly when the filenames contained particular characters. This resulted in files from directory listings being opened in unintended ways or files not being able to be opened by the...

CVSS 4.3, AI score 1.3, EPSS 0.01349
Exploits: 1, References: 2, Affected Software: 2
OSV
added 2007/04/03 12:19 a.m.

CVE-2007-1840

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS)...

AI score 5.8
Exploits: 0, References: 8