457 matches found
Cross-site Scripting (XSS)
Overview NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the handling of HTML element attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...
Cross Site Scripting(XSS)
Svelte is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper HTML escaping during server-side rendering, allowing an attacker to inject malicious content and execute unauthorized scripts in the victim's browser...
CVE-2024-45047 Potential mXSS vulnerability due to improper HTML escaping in svelte
svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situation the final DOM tree...
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Summary A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: - If the string is an attribute value: - " - " - & - & - Other characters - No conversion -...
Cross-Site Scripting
@builder.io/qwik is vulnerable to Cross-Site Scripting. The vulnerability is due to improper escaping of HTML on server-side rendering, which converts strings according to the rules in the render-ssr.ts...
GHSA-2RWJ-7XQ8-4GX4 Qwik has a potential mXSS vulnerability due to improper HTML escaping
Summary A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules: https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.tsL1182-L12...
Qwik has a potential mXSS vulnerability due to improper HTML escaping
Summary A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules: https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.tsL1182-L12...
CVE-2024-41677 Cross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwik
Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the render-ssr.ts file. It sometimes...
CVE-2024-41677 Cross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwik
Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the render-ssr.ts file. It sometimes...
PT-2024-29501 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento-lts versions prior to 20.10.1 Description: This issue affects the design/header/welcome, design/header/logo src, design/header/logo src small, and design/header/logo alt system configs, which are intended to enable admins to set a tex...
Cross-site Scripting (XSS)
xapian-core is vulnerable to Cross-site Scripting XSS. The vulnerability is caused due to improper handling of HTML escaping by Xapian::MSet::snippet in queryparser/termgeneratorinternal.cc. This allows an attacker to potentially execute arbitrary scripts in the context of a user's web browser wh...
Cross-Site Scripting (XSS)
zendframework/zend-navigation is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the use of the escapeHtml view helper instead of escapeHtmlAttr, leading to improper HTML attribute escaping...
GHSA-9MG6-X45V-HCFM activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...
Cross-site Scripting
Overview Affected versions of this package are vulnerable to Cross-site Scripting through the dynamic setting of form legends in administrative interfaces. An attacker can execute arbitrary scripts in the context of the administrator's session by injecting malicious content into form fields that...
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends
Impact Users settings their active admin form legends dynamically may be vulnerable to stored XSS, as long as its value can be injected directly by a malicious user. For example: A public web application allows users to create entities with arbitrary names. Active Admin is used to administrate...
PT-2024-27254 · Unknown · Activeadmin
Name of the Vulnerable Software and Affected Versions: Active Admin versions prior to 3.2.2 Active Admin version 4.0.0.beta7 is a fixed version, implying versions prior to 4.0.0.beta7 are also affected, but since 3.2.2 is mentioned as a fixed version, we only consider versions prior to 3.2.2 as...
GHSA-468J-6JRC-2RJX silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
List of key / value pairs assigned to OptionsetField or CheckboxSetField do not have a default casting assigned to them. The effect of this is a potential XSS vulnerability in lists where either key or value contain unescaped HTML...
CVE-2024-33859
An issue was discovered in Logpoint before 7.4.0. HTML code sent through logs wasn't being escaped in the "Interesting Field" Web UI, leading to XSS...
CVE-2024-27794
Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login...