457 matches found

Snyk
added 2024/10/01 3:42 p.m. · 2 views

Cross-site Scripting (XSS)

Overview NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the handling of HTML element attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...

CVSS 8.3 · AI score 5.3 · EPSS 0.00705
Exploits: 0 · References: 2

Veracode
added 2024/09/02 4:13 a.m. · 7 views

Cross Site Scripting (XSS)

Svelte is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper HTML escaping during server-side rendering, allowing an attacker to inject malicious content and execute unauthorized scripts in the victim's browser...

CVSS 6.1 · AI score 6.1 · EPSS 0.00344
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2024/08/30 4:55 p.m. · 20 views

CVE-2024-45047 Potential mXSS vulnerability due to improper HTML escaping in svelte

svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situation the final DOM tree...

CVSS 5.4 · AI score 5.9 · EPSS 0.00344
Exploits: 1 · References: 1

Github Security Blog
added 2024/08/30 4:49 p.m. · 22 views

Svelte has a potential mXSS vulnerability due to improper HTML escaping

Summary A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - `"` → `&quot;` - `&` → `&amp;` - Other characters → No conversion -...

CVSS 6.1 · AI score 6 · EPSS 0.00344
Exploits: 1 · References: 4 · Affected Software: 1

Veracode
added 2024/08/07 4:35 a.m. · 11 views

Cross-Site Scripting

@builder.io/qwik is vulnerable to Cross-Site Scripting. The vulnerability is due to improper escaping of HTML on server-side rendering, which converts strings according to the rules in the render-ssr.ts...

CVSS 6.3 · AI score 6.5 · EPSS 0.00469
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2024/08/06 6:24 p.m. · 12 views

GHSA-2RWJ-7XQ8-4GX4 Qwik has a potential mXSS vulnerability due to improper HTML escaping

Summary A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules: https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.tsL1182-L12...

CVSS 6.3 · AI score 6 · EPSS 0.00469
Exploits: 1 · References: 5

Github Security Blog
added 2024/08/06 6:24 p.m. · 12 views

Qwik has a potential mXSS vulnerability due to improper HTML escaping

Summary A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules: https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.tsL1182-L12...

CVSS 6.3 · AI score 5.9 · EPSS 0.00469
Exploits: 1 · References: 5 · Affected Software: 1

Vulnrichment
added 2024/08/06 5:52 p.m. · 12 views

CVE-2024-41677 Cross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwik

Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the render-ssr.ts file. It sometimes...

CVSS 6.3 · AI score 5.9 · EPSS 0.00469
Exploits: 1 · References: 3

Cvelist
added 2024/08/06 5:52 p.m. · 14 views

CVE-2024-41677 Cross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwik

Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the render-ssr.ts file. It sometimes...

CVSS 6.3 · EPSS 0.00469
Exploits: 1 · References: 3

Positive Technologies
added 2024/07/29 12:00 a.m. · 4 views

PT-2024-29501 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento-lts versions prior to 20.10.1 Description: This issue affects the design/header/welcome, design/header/logo src, design/header/logo src small, and design/header/logo alt system configs, which are intended to enable admins to set a tex...

CVSS 5.1 · AI score 6.8 · EPSS 0.0034
Exploits: 0 · References: 8

Veracode
added 2024/07/03 8:51 a.m. · 14 views

Cross-site Scripting (XSS)

xapian-core is vulnerable to Cross-site Scripting (XSS). The vulnerability is caused due to improper handling of HTML escaping by Xapian::MSet::snippet in queryparser/termgeneratorinternal.cc. This allows an attacker to potentially execute arbitrary scripts in the context of a user's web browser wh...

CVSS 6.1 · AI score 6.5 · EPSS 0.01452
Exploits: 0 · References: 4 · Affected Software: 1

Veracode
added 2024/06/25 12:11 p.m. · 9 views

Cross-Site Scripting (XSS)

zendframework/zend-navigation is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the use of the escapeHtml view helper instead of escapeHtmlAttr, leading to improper HTML attribute escaping...

AI score 6.3
Exploits: 0

OSV
added 2024/06/02 10:32 p.m. · 14 views

GHSA-9MG6-X45V-HCFM activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact Users setting their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

CVSS 7.2 · AI score 6.1 · EPSS 0.00349
Exploits: 0 · References: 7

Snyk
added 2024/06/02 10:32 p.m. · 3 views

Cross-site Scripting

Overview Affected versions of this package are vulnerable to Cross-site Scripting through the dynamic setting of form legends in administrative interfaces. An attacker can execute arbitrary scripts in the context of the administrator's session by injecting malicious content into form fields that...

CVSS 9.3 · AI score 5.7 · EPSS 0.00349
Exploits: 0 · References: 2

Github Security Blog
added 2024/06/02 10:32 p.m. · 28 views

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact Users setting their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

CVSS 6.1 · AI score 6 · EPSS 0.00349
Exploits: 0 · References: 7 · Affected Software: 1

RubySec
added 2024/06/02 12:00 a.m. · 25 views

activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends

Impact Users setting their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...

CVSS 6.1 · AI score 6.6 · EPSS 0.00349
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/06/02 12:00 a.m. · 6 views

PT-2024-27254 · Unknown · Activeadmin

Name of the Vulnerable Software and Affected Versions: Active Admin versions prior to 3.2.2 Active Admin version 4.0.0.beta7 is a fixed version, implying versions prior to 4.0.0.beta7 are also affected, but since 3.2.2 is mentioned as a fixed version, we only consider versions prior to 3.2.2 as...

CVSS 7.2 · AI score 5.9 · EPSS 0.00349
Exploits: 0 · References: 11

OSV
added 2024/05/27 7:09 p.m. · 9 views

GHSA-468J-6JRC-2RJX silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`

List of key / value pairs assigned to OptionsetField or CheckboxSetField do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML...

CVSS 6.1 · AI score 6.1
Exploits: 0 · References: 7

OSV
added 2024/05/07 5:15 p.m. · 4 views

CVE-2024-33859

An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...

CVSS 6.1 · AI score 5.9 · EPSS 0.00311
Exploits: 0 · References: 2

OSV
added 2024/04/15 11:15 p.m. · 3 views

CVE-2024-27794

Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login...

CVSS 6.1 · AI score 5.8 · EPSS 0.00308
Exploits: 0 · References: 1