458 matches found

Veracode
added 2022/04/26 7:03 a.m., 41 views

Cross-Site Scripting (XSS)

Liferay Layout SEO Web is vulnerable to stored cross-site scripting. The vulnerability exists in the getOpenGraphTag function in OpenGraphTopHeadDynamicInclude.java due to a lack of HTML escaping, which allows an attacker to inject and execute arbitrary JavaScript...

CVSS 6.1, AI score 1.4, EPSS 0.00674
Exploits 0, References 4, Affected Software 1

OSV
added 2022/03/30 6:26 p.m., 13 views

GHSA-QGPV-86R3-87FH Cross-site Scripting in Parsedown

Parsedown versions prior to 1.7.0 contain a cross-site scripting (XSS) vulnerability in setMarkupEscaped, the option intended to escape HTML, that can result in JavaScript code execution. The attack appears to be exploitable via specially crafted Markdown that sidesteps HTML escaping by breaking the AST...

CVSS 6.1, AI score 6.1, EPSS 0.012
Exploits 0, References 5

Github Security Blog
added 2022/03/30 6:26 p.m., 24 views

Cross-site Scripting in Parsedown

Parsedown versions prior to 1.7.0 contain a cross-site scripting (XSS) vulnerability in setMarkupEscaped, the option intended to escape HTML, that can result in JavaScript code execution. The attack appears to be exploitable via specially crafted Markdown that sidesteps HTML escaping by breaking the AST...

CVSS 6.1, AI score 2.4, EPSS 0.012
Exploits 0, References 5, Affected Software 1

Github Security Blog
added 2022/01/28 11:08 p.m., 48 views

Cross-site Scripting when rendering error messages in laminas-form

Impact: When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in vulnerable versions of laminas-form, the value was not being escaped for HTML contexts, which can potentially lead to a...

CVSS 6.1, AI score 0.6, EPSS 0.00989
Exploits 0, References 8, Affected Software 1

Vulnrichment
added 2022/01/28 10:00 p.m., 4 views

CVE-2022-23598 Reflected XSS vulnerability when rendering error messages in laminas-form

laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value wa...

CVSS 6.1, AI score 6, EPSS 0.00989
Exploits 0, References 5

NVD
added 2021/12/20 9:15 a.m., 13 views

CVE-2021-44263

Gurock TestRail before 7.2.4 mishandles HTML escaping...

CVSS 5.4, EPSS 0.0059
Exploits 1, References 2

OSV
added 2021/12/20 9:15 a.m., 6 views

CVE-2021-44263

Gurock TestRail before 7.2.4 mishandles HTML escaping...

CVSS 5.4, AI score 5.8, EPSS 0.0059
Exploits 1, References 2

Prion
added 2021/12/20 9:15 a.m., 15 views

Hardcoded credentials

Gurock TestRail before 7.2.4 mishandles HTML escaping...

CVSS 3.5, AI score 5.5, EPSS 0.0059
Exploits 1, References 2, Affected Software 1

Cvelist
added 2021/12/20 8:28 a.m., 16 views

CVE-2021-44263

Gurock TestRail before 7.2.4 mishandles HTML escaping...

AI score 5.8, EPSS 0.0059
Exploits 1, References 2

CVE
added 2021/12/20 8:28 a.m., 65 views

CVE-2021-44263

CVE-2021-44263 affects Gurock TestRail before 7.2.4. The root cause is improper HTML escaping, leading to a cross-site scripting (XSS) vulnerability in the web-based test case management software. Affected versions prior to 7.2.4 are susceptible; the issue enables injected HTML/JavaScript content...

CVSS 5.4, AI score 5.5, EPSS 0.0059
Exploits 1, References 2, Affected Software 1

CNNVD
added 2021/12/20 12:00 a.m., 4 views

Gurock Software Gurock TestRail cross-site scripting vulnerability

Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A cross-site scripting vulnerability exists in Guro...

CVSS 5.4, AI score 5.4, EPSS 0.0059
Exploits 1, References 3

Veracode
added 2021/12/02 12:32 p.m., 14 views

Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to cross-site scripting (XSS). The vulnerability exists due to a lack of HTML escaping in poller-groups.inc.php, which allows a malicious attacker to inject and execute arbitrary JavaScript...

CVSS 6.1, AI score 6, EPSS 0.00628
Exploits 1, References 2, Affected Software 1

Github Security Blog
added 2021/12/01 6:29 p.m., 27 views

Cross-Site Scripting Vulnerability in @joeattardi/emoji-button

Impact: There are two vectors for XSS attacks with versions of @joeattardi/emoji-button before 4.6.2:
- A URL for a custom emoji
- An i18n string
In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute malicious code. Patches: This vulnerability...

CVSS 7.6, AI score 1.1, EPSS 0.01014
Exploits 0, References 5, Affected Software 1

OSV
added 2021/12/01 6:29 p.m., 17 views

GHSA-F34M-X9PJ-62VQ Cross-Site Scripting Vulnerability in @joeattardi/emoji-button

Impact: There are two vectors for XSS attacks with versions of @joeattardi/emoji-button before 4.6.2:
- A URL for a custom emoji
- An i18n string
In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute malicious code. Patches: This vulnerability...

CVSS 7.6, AI score 6.3, EPSS 0.01014
Exploits 0, References 5

OSV
added 2021/11/16 5:04 p.m., 20 views

GHSA-CQ58-R77C-5JJW Cross-site scripting (XSS) from image block content in the site frontend

Impact: Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend escaping HTML special characters against cross-site scripting (XSS) attacks. Cross-site scripting (XSS) is a type of...

CVSS 5.4, AI score 6, EPSS 0.00781
Exploits 0, References 5

Github Security Blog
added 2021/11/08 6:06 p.m., 44 views

XSS vulnerability in GraphQL Playground from untrusted schemas

GraphQL Playground introspection schema template injection attack. Advisory Statement: This is a security advisory for an XSS vulnerability in graphql-playground. A similar vulnerability affects graphiql, the package from which graphql-playground was forked. There is a corresponding graphiql...

CVSS 7.1, AI score 5.5, EPSS 0.01182
Exploits 0, References 6, Affected Software 1

Github Security Blog
added 2021/10/14 9:19 p.m., 49 views

Inconsistent input sanitisation leads to XSS vectors

Background: A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and the use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact: OMERO.web before 5.11.0 and OMERO.figure befo...

CVSS 9.8, AI score 2.1, EPSS 0.01006
Exploits 0, References 7, Affected Software 2

OSV
added 2021/10/14 4:15 p.m., 14 views

CVE-2021-41132

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 6.1, AI score 5.9
Exploits 0, References 3

PyPA
added 2021/10/14 4:15 p.m., 4 views

PYSEC-2021-372

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 9.8, AI score 6, EPSS 0.01006
Exploits 0, References 3, Affected Software 1

Prion
added 2021/10/14 4:15 p.m., 14 views

Cross site scripting

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

CVSS 4.3, AI score 5.8, EPSS 0.01006
Exploits 0, References 3, Affected Software 2
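The entries above share one bug class: a submitted value, a translated string or a URL is written into HTML without being escaped for the context it lands in (the laminas-form error message, the @joeattardi/emoji-button custom-emoji URL, the OMERO.web templates that feed jQuery.html). The following is an added illustrative example, not code from any of the projects listed, showing the raw interpolation beside a hardened version for two of those contexts. The function names, markup, the `containsActiveContent` check and the payload strings are all constructed for this demonstration and are assumptions, not material from any advisory.

```javascript
// Added example (not from any project on this page): the unescaped-interpolation
// pattern behind these XSS advisories, beside a context-aware escaped version.
// Runs in Node without a DOM; the renderers return the HTML strings they would emit.

// Escape the five characters that matter in HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Attribute escaping is not enough for src/href: a syntactically clean
// "javascript:" URL still executes. Only absolute http(s) URLs are accepted here
// (relative URLs are rejected for simplicity; a real app would resolve them).
function safeUrl(value) {
  let parsed;
  try {
    parsed = new URL(String(value));
  } catch (err) {
    return "about:blank";
  }
  return parsed.protocol === "http:" || parsed.protocol === "https:"
    ? parsed.href
    : "about:blank";
}

// Vulnerable pattern (the error-message case): the submitted value is echoed raw
// into an HTML text context.
function renderErrorUnsafe(submitted) {
  return `<li class="error">The input "${submitted}" is not a valid e-mail address</li>`;
}

// Hardened: same markup, value escaped for the HTML text context.
function renderErrorSafe(submitted) {
  return `<li class="error">The input "${escapeHtml(submitted)}" is not a valid e-mail address</li>`;
}

// Vulnerable pattern (the custom-emoji URL case): an attacker-controlled URL lands
// in a double-quoted attribute, so a `">` prefix closes the tag and opens a new one.
function renderEmojiUnsafe(url) {
  return `<img class="emoji" src="${url}">`;
}

// Hardened: scheme allow-list first, then attribute escaping of what is left.
function renderEmojiSafe(url) {
  return `<img class="emoji" src="${escapeHtml(safeUrl(url))}">`;
}

// Crude detector used to compare the two renderers: a script tag, an inline
// event-handler attribute, or a javascript: scheme surviving into the output.
function containsActiveContent(html) {
  return /<script|\son\w+\s*=|javascript:/i.test(html);
}

// Constructed sample payloads (not taken from any advisory).
const PAYLOAD_TEXT = "<script>alert(1)</script>";
const PAYLOAD_ATTR = '"><script>alert(1)</script><img src="';
const PAYLOAD_SCHEME = "javascript:alert(1)";

// Stand-alone run: show which renderings still carry active content.
for (const [label, html] of [
  ["error/unsafe", renderErrorUnsafe(PAYLOAD_TEXT)],
  ["error/safe", renderErrorSafe(PAYLOAD_TEXT)],
  ["emoji/unsafe", renderEmojiUnsafe(PAYLOAD_ATTR)],
  ["emoji/safe", renderEmojiSafe(PAYLOAD_ATTR)],
  ["emoji/safe-scheme", renderEmojiSafe(PAYLOAD_SCHEME)],
]) {
  console.log(`${label}: active=${containsActiveContent(html)} ${html}`);
}
```

The point the two hardened renderers make is that escaping is context-specific: `escapeHtml` alone closes the text and attribute injections, but the URL case also needs a scheme check, because `javascript:alert(1)` contains none of the escaped characters and would survive escaping intact.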