458 matches found
Cross-site Scripting (XSS)
jstachio is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the HtmlEscaper.java does not properly escape single quotes ' in HTML, which allows an attacker to inject and execute malicious javascript in the context of other users visiting pages that use this template engin...
JStachio XSS vulnerability: Unescaped single quotes
Impact Description: JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. Reproduction Steps: Use the following template code: html Set the value variable to ' onblur='alert1. java public class Escaping public static void mainString args Model model = ne...
Fedora 37 : rubygem-redcarpet (2023-8682a0e17d)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-8682a0e17d advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...
Fedora 36 : rubygem-redcarpet (2023-597f13ffb9)
The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-597f13ffb9 advisory. A security flow was found on redcarpet that escaping html was not properly done even if requested on some cases which may cause XSS vulnerability. This issue...
CVE-2022-42948
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI...
Fortra Cobalt Strike 跨站脚本漏洞
Fortra Cobalt Strike is an application from Fortra, Inc. provides you with a post-development agent and covert channel to mimic a quiet, long-term embedded participant in a customer's network. A security vulnerability in Fortra Cobalt Strike version 4.7.1, which stems from the inability to proper...
SUSE CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...
SUSE CVE-2017-12794
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
SUSE CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
SUSE CVE-2019-15618
Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location...
SUSE CVE-2020-26298
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
CVE-2023-22464
ViewVC is a browser interface for CVS and Subversion version control repositories. Versions prior to 1.2.3 and 1.1.30 are vulnerable to cross-site scripting. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository exposed by a...
CVE-2023-22456 ViewVC XSS vulnerability in revision view changed paths
ViewVC, a browser interface for CVS and Subversion version control repositories, as a cross-site scripting vulnerability that affects versions prior to 1.2.2 and 1.1.29. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a Subversion repository...
PT-2023-6806 · Viewvc · Viewvc
Name of the Vulnerable Software and Affected Versions: ViewVC versions prior to 1.2.2 ViewVC versions prior to 1.1.29 Description: The issue is a cross-site scripting vulnerability that affects ViewVC, a browser interface for CVS and Subversion version control repositories. The impact of this...
CVE-2022-41562
CVE-2022-41562 affects TIBCO JasperReports Server family (Server, Community, Developer, AWS Marketplace, Microsoft Azure, and related editions). The HTML escaping component is vulnerable to cross-site scripting (XSS) by a privileged/administrative attacker with network access; attack requires use...
CVE-2022-41562
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...
CVE-2022-41562
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...
Design/Logic Flaw
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...
CVE-2022-41562
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...
CVE-2022-41562
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...