458 matches found

Veracode
added 2023/06/18 6:57 a.m. · 14 views

Cross-site Scripting (XSS)

jstachio is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because HtmlEscaper.java does not properly escape single quotes (') in HTML, which allows an attacker to inject and execute malicious JavaScript in the context of other users visiting pages that use this template engin...

CVSS 6.1 · AI score 6.5 · EPSS 0.00579
Exploits: 1 · References: 5 · Affected software: 1
Github Security Blog
added 2023/06/06 12:45 a.m. · 21 views

JStachio XSS vulnerability: Unescaped single quotes

Impact Description: JStachio fails to escape single quotes (') in HTML, allowing an attacker to inject malicious code. Reproduction Steps: Use the following template code: html ... Set the value variable to ' onblur='alert(1). java public class Escaping { public static void main(String[] args) { Model model = ne...

CVSS 6.1 · AI score 7.3 · EPSS 0.00579
Exploits: 1 · References: 7 · Affected software: 1
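As an added illustration of the escaping gap the two JStachio entries above describe (example code written for this page, not JStachio's HtmlEscaper or the advisory's own snippet), the Python below puts an escaper that handles &, <, > and " but forgets ' beside one that also encodes the single quote, renders both into a single-quoted value attribute, and then lists the attributes a browser would parse from the result. The payload string, the template fragment and the simplified attribute tokenizer are assumptions made for the demonstration; the hardened escaper is cross-checked against Python's html.escape.

```python
import html
import re
from typing import Callable, Dict, List

# Constructed payload for the demonstration (assumption; it has the breakout
# shape the advisory describes: close the quoted value, then add an event handler).
PAYLOAD = "' onblur='alert(1)"

# Escaper that covers the usual four characters but forgets the single quote.
_PARTIAL: Dict[str, str] = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;"}
# Hardened escaper: the same table plus ' -> &#x27; (the form html.escape uses).
_FULL: Dict[str, str] = {**_PARTIAL, "'": "&#x27;"}


def escape_partial(text: str) -> str:
    """Escapes &, <, >, " but leaves ' untouched: the bug class on this page."""
    return "".join(_PARTIAL.get(ch, ch) for ch in text)


def escape_full(text: str) -> str:
    """Escapes the same characters plus ', so a single-quoted attribute cannot be closed early."""
    return "".join(_FULL.get(ch, ch) for ch in text)


def matches_stdlib(text: str) -> bool:
    """Cross-check: the hardened escaper agrees with html.escape(text, quote=True)."""
    return escape_full(text) == html.escape(text)


def render_input(value: str, escape: Callable[[str], str]) -> str:
    """Hypothetical template fragment: an attribute delimited by single quotes."""
    return f"<input type='text' value='{escape(value)}'>"


# Simplified HTML attribute tokenizer: a name, then a quoted or unquoted value.
# Assumption: the tag has no boolean (value-less) attributes.
_ATTR_RE = re.compile(
    r"""([A-Za-z_:][-A-Za-z0-9_:.]*)\s*=\s*(?:'[^']*'|"[^"]*"|[^\s>]+)"""
)


def attribute_names(tag: str) -> List[str]:
    """Attribute names a browser would see in one start tag."""
    body = tag[tag.index(" ") + 1 : tag.rindex(">")]
    return [m.group(1) for m in _ATTR_RE.finditer(body)]


def has_event_handler(tag: str) -> bool:
    """True when a parsed attribute is an on* handler, i.e. the payload escaped its context."""
    return any(name.lower().startswith("on") for name in attribute_names(tag))


if __name__ == "__main__":
    for label, esc in (("partial", escape_partial), ("full", escape_full)):
        tag = render_input(PAYLOAD, esc)
        print(f"{label}: {tag}")
        print(f"  attributes={attribute_names(tag)} handler={has_event_handler(tag)}")
```

With the partial escaper the rendered tag carries a third attribute, onblur, that the template author never wrote; with the single quote encoded, the whole payload stays inside the value attribute. The same check applies to any template engine whose escaper is used inside single-quoted attributes.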
Tenable Nessus
added 2023/05/09 12:00 a.m. · 21 views

Fedora 37 : rubygem-redcarpet (2023-8682a0e17d)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8682a0e17d advisory. A security flaw was found in redcarpet: HTML escaping was not properly performed in some cases even when requested, which may lead to an XSS vulnerability. This issue...

CVSS 6.8 · AI score 6.4 · EPSS 0.0157
Exploits: 0 · References: 2
Tenable Nessus
added 2023/05/09 12:00 a.m. · 32 views

Fedora 36 : rubygem-redcarpet (2023-597f13ffb9)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-597f13ffb9 advisory. A security flaw was found in redcarpet: HTML escaping was not properly performed in some cases even when requested, which may lead to an XSS vulnerability. This issue...

CVSS 6.8 · AI score 6.4 · EPSS 0.0157
Exploits: 0 · References: 2
OSV
added 2023/03/24 2:15 p.m. · 5 views

CVE-2022-42948

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI...

CVSS 9.8 · AI score 5.9 · EPSS 0.02706
Exploits: 0 · References: 4
CNNVD
added 2023/03/24 12:00 a.m. · 3 views

Fortra Cobalt Strike cross-site scripting vulnerability

Fortra Cobalt Strike is an application from Fortra, Inc. that provides a post-exploitation agent and covert channels to emulate a quiet, long-term embedded actor in a customer's network. A security vulnerability exists in Fortra Cobalt Strike version 4.7.1, which stems from the inability to proper...

CVSS 9.8 · AI score 9.1 · EPSS 0.02706
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 4:48 a.m. · 4 views

SUSE CVE-2017-6927

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML, as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...

CVSS 6.1 · AI score 6.2 · EPSS 0.01705
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:41 a.m. · 2 views

SUSE CVE-2017-12794

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

CVSS 6.1 · AI score 7.3 · EPSS 0.23566
Exploits: 0 · References: 6
SUSE CVE
added 2023/02/15 4:34 a.m. · 4 views

SUSE CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgenerator_internal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

CVSS 8.8 · AI score 6.2 · EPSS 0.01452
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 4:08 a.m. · 4 views

SUSE CVE-2019-15618

Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...

CVSS 4.8 · AI score 4.7 · EPSS 0.00729
Exploits: 0 · References: 3
SUSE CVE
added 2023/02/15 3:53 a.m. · 2 views

SUSE CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escape_html opti...

CVSS 5.4 · AI score 8 · EPSS 0.0157
Exploits: 0 · References: 5
NVD
added 2023/01/04 4:15 p.m. · 8 views

CVE-2023-22464

ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...

CVSS 5.4 · AI score 5.1 · EPSS 0.00642
Exploits: 1 · References: 4
Vulnrichment
added 2023/01/03 6:29 p.m. · 6 views

CVE-2023-22456 ViewVC XSS vulnerability in revision view changed paths

ViewVC, a browser interface for CVS and Subversion version control repositories, has a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository...

CVSS 6.1 · AI score 6.1 · EPSS 0.00694
Exploits: 0 · References: 4
Positive Technologies
added 2023/01/02 12:00 a.m. · 5 views

PT-2023-6806 · Viewvc · Viewvc

Name of the Vulnerable Software and Affected Versions: ViewVC versions prior to 1.2.2; ViewVC versions prior to 1.1.29. Description: The issue is a cross-site scripting vulnerability that affects ViewVC, a browser interface for CVS and Subversion version control repositories. The impact of this...

CVSS 6.4 · AI score 5.2 · EPSS 0.00694
Exploits: 1 · References: 24
CVE
added 2022/12/15 3:44 a.m. · 71 views

CVE-2022-41562

CVE-2022-41562 affects the TIBCO JasperReports Server family (Server, Community, Developer, AWS Marketplace, Microsoft Azure, and related editions). The HTML escaping component is vulnerable to cross-site scripting (XSS) by a privileged/administrative attacker with network access; the attack requires use...

CVSS 8.4 · AI score 8 · EPSS 0.00718
Exploits: 0 · References: 2 · Affected software: 1
NVD
added 2022/12/13 7:15 p.m. · 21 views

CVE-2022-41562

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...

CVSS 8.4 · EPSS 0.00718
Exploits: 0 · References: 2
OSV
added 2022/12/13 7:15 p.m. · 5 views

CVE-2022-41562

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...

CVSS 8.4 · AI score 5.9 · EPSS 0.00718
Exploits: 0 · References: 2
Prion
added 2022/12/13 7:15 p.m. · 22 views

Design/Logic Flaw

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...

CVSS 5.4 · AI score 7.9 · EPSS 0.00718
Exploits: 0 · References: 2 · Affected software: 1
UbuntuCve
added 2022/12/13 7:15 p.m. · 23 views

CVE-2022-41562

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...

CVSS 8.4 · AI score 7.3 · EPSS 0.00718
Exploits: 0 · References: 3
ATTACKERKB
added 2022/12/13 5:00 p.m. · 4 views

CVE-2022-41562

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...

CVSS 8.4 · AI score 7.3 · EPSS 0.00718
Exploits: 0 · References: 3 · Affected software: 3