457 matches found

RedhatCVE, added 2025/05/22 7:46 p.m., 7 views

CVE-2021-32702

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...

CVSS 8 | AI score 6.8 | EPSS 0.01403
Exploits 0 | References 1

RedhatCVE, added 2025/05/22 6:53 p.m., 8 views

CVE-2021-44263

Gurock TestRail before 7.2.4 mishandles HTML escaping...

CVSS 5.4 | AI score 6.9 | EPSS 0.0059
Exploits 1

Veracode, added 2025/04/09 5:57 p.m., 4 views

Cross-site Scripting (XSS)

github.com/beego/beego is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper HTML escaping due to user-controlled data not being sanitized in the RenderForm function...

CVSS 9.6 | AI score 6 | EPSS 0.00568
Exploits 1 | References 3 | Affected Software 1

RedhatCVE, added 2025/04/02 4:37 p.m., 19 views

CVE-2025-30223

Beego is an open-source web framework for the Go programming language. Prior to 2.3.6, a Cross-Site Scripting XSS vulnerability exists in Beego's RenderForm function due to improper HTML escaping of user-controlled data. This vulnerability allows attackers to inject malicious JavaScript code that...

CVSS 9.6 | AI score 5.9 | EPSS 0.00568
Exploits 1 | References 1

NVD, added 2025/04/02 7:15 a.m., 12 views

CVE-2024-45699

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...

CVSS 7.5 | EPSS 0.00327
Exploits 0 | References 2

OSV, added 2025/04/02 7:15 a.m., 13 views

CVE-2024-45699

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the abo...

CVSS 5.4 | AI score 6.3
Exploits 0 | References 2

CVE, added 2025/04/02 6:12 a.m., 1356 views

CVE-2024-45699

CVE-2024-45699 affects Zabbix frontend: /zabbix.php?action=export.valuemaps is vulnerable to XSS via the backurl parameter due to reflecting user input without HTML escaping. Impact described as JavaScript execution in victim browser. Remediation is version-specific updates across distributions (...

CVSS 7.5 | AI score 6.3 | EPSS 0.00327
Exploits 0 | References 2 | Affected Software 1

CVE, added 2025/03/31 4:17 p.m., 278 views

CVE-2025-30223

Beego (Go framework) contains an XSS vulnerability in RenderForm() up to version 2.3.5, caused by improper HTML escaping of user-controlled data. This allows injection of attacker-controlled JavaScript in rendered forms, potentially enabling session hijacking, credential theft, or account takeove...

CVSS 9.6 | AI score 7.8 | EPSS 0.00568
Exploits 1 | References 2 | Affected Software 1

Github Security Blog, added 2025/02/25 5:49 p.m., 22 views

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...

CVSS 7.3 | AI score 5.8 | EPSS 0.00303
Exploits 0 | References 4 | Affected Software 1

Cvelist, added 2025/02/21 9:12 p.m., 23 views

CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

CVSS 7.3 | EPSS 0.00303
Exploits 0 | References 2

Vulnrichment, added 2025/02/21 9:12 p.m., 13 views

CVE-2025-27109 Lack of Escaping of HTML in JSX Fragments allows for Cross-site Scripting in solid-js

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

CVSS 7.3 | AI score 7.1 | EPSS 0.00303
Exploits 0 | References 2

RedhatCVE, added 2025/02/05 12:22 a.m., 9 views

CVE-2024-31996

XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, the HTML escaping of escaping tool that is used in XWiki doesn't escape , which, when used in certain places, allows XWiki syntax injection and thereby remote code execution...

CVSS 10 | AI score 7.5 | EPSS 0.02104
Exploits 1 | References 1

FreeBSD, added 2025/01/29 12:00 a.m., 10 views

postorius -- XSS

NIST reports: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVSS 7.2 | AI score 5.8 | EPSS 0.00237
Exploits 0 | References 1

OSV, added 2025/01/24 1:37 p.m., 3 views

OESA-2025-1074 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in...

CVSS 7.5 | AI score 6.8 | EPSS 0.01441
Exploits 1 | References 5

OSV, added 2025/01/21 9:17 p.m., 9 views

GHSA-QWJ6-Q94F-8425 MathLive's Lack of Escaping of HTML allows for XSS

Summary Despite normal text rendering as LaTeX expressions, preventing XSS, the library also provides users with commands which may modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS. Details Overall in the code, other than in the test folder, no functions escaping...

CVSS 6.3 | AI score 7.2 | EPSS 0.00486
Exploits 0 | References 4

Github Security Blog, added 2025/01/21 9:17 p.m., 26 views

MathLive's Lack of Escaping of HTML allows for XSS

Summary Despite normal text rendering as LaTeX expressions, preventing XSS, the library also provides users with commands which may modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS. Details Overall in the code, other than in the test folder, no functions escaping...

CVSS 6.3 | AI score 7.2 | EPSS 0.00486
Exploits 0 | References 4 | Affected Software 1

OSV, added 2024/12/09 10:15 p.m., 2 views

DEBIAN-CVE-2024-55601

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below are not escaped in internal render hooks. Those who are impacted are Hugo users who do not trust their Markdown content files and are usin...

CVSS 5.3 | AI score 5.8 | EPSS 0.00563
Exploits 0 | References 1

Github Security Blog, added 2024/10/24 6:13 p.m., 21 views

OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...

CVSS 6.1 | AI score 6.9 | EPSS 0.00487
Exploits 1 | References 5 | Affected Software 1

OSV, added 2024/10/24 6:13 p.m., 11 views

GHSA-J8HP-F2MJ-586G OpenRefine's error page lacks escaping, leading to potential Cross-site Scripting on import of malicious project

Summary The built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injection into the page if an attacker can reliably produce an error with an attacker-influenced message. It appears that the only way to reach this...

CVSS 5.9 | AI score 6.3 | EPSS 0.00487
Exploits 1 | References 5

Github Security Blog, added 2024/10/04 6:51 p.m., 24 views

Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS

Summary The HtmlGenerator class is subject to potential cross-site scripting XSS attack through a parsed malformed Minecraft server MOTD. Context Minecraft server owners can set a so-called MOTD Message of the Day for their server that appears next to the server icon and below the server name on...

CVSS 6.9 | AI score 5.2 | EPSS 0.00357
Exploits 0 | References 6 | Affected Software 1