458 matches found
Cross-Site Scripting (XSS)
Liferay Layout SEO Web is vulnerable to stored cross-site scripting. The vulnerability exists in the getOpenGraphTag function in OpenGraphTopHeadDynamicInclude.java due to a lack of HTML escaping, which allows an attacker to inject and execute arbitrary JavaScript...
GHSA-QGPV-86R3-87FH Cross-site Scripting in Parsedown
Parsedown versions prior to 1.7.0 contain a cross-site scripting (XSS) vulnerability in setMarkupEscaped, the option meant to escape HTML, that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that sidesteps HTML escaping by breaking the AST...
Cross-site Scripting when rendering error messages in laminas-form
Impact When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in vulnerable versions of laminas-form, the value was not being escaped for HTML contexts, which can potentially lead to a...
CVE-2022-23598 Reflected XSS vulnerability when rendering error messages in laminas-form
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value wa...
CVE-2021-44263
Gurock TestRail before 7.2.4 mishandles HTML escaping...
CVE-2021-44263
CVE-2021-44263 affects Gurock TestRail before 7.2.4. The root cause is improper HTML escaping, leading to a cross-site scripting (XSS) vulnerability in the web-based test case management software; the issue enables injected HTML/JavaScript content...
Gurock Software Gurock TestRail Cross-Site Scripting Vulnerability
Gurock Software Gurock TestRail is a web-based test case management software for QA and development teams from Gurock Software. The software supports the creation of test cases, management of test suites, and coordination of the testing process. A cross-site scripting vulnerability exists in Guro...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to cross-site scripting (XSS). The vulnerability exists due to a lack of HTML escaping in poller-groups.inc.php, which allows an attacker to inject and execute arbitrary JavaScript...
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
Impact There are two vectors for XSS attacks with versions of @joeattardi/emoji-button before 4.6.2: - A URL for a custom emoji - An i18n string In both of these cases, a value can be crafted such that it can insert a script tag into the page and execute malicious code. Patches This vulnerability...
GHSA-CQ58-R77C-5JJW Cross-site scripting (XSS) from image block content in the site frontend
Impact: Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend escaping HTML special characters to protect against cross-site scripting (XSS) attacks. Cross-site scripting (XSS) is a type of...
XSS vulnerability in GraphQL Playground from untrusted schemas
GraphQL Playground introspection schema template injection attack. Advisory statement: This is a security advisory for an XSS vulnerability in graphql-playground. A similar vulnerability affects graphiql, the package from which graphql-playground was forked. There is a corresponding graphiql...
Inconsistent input sanitisation leads to XSS vectors
Background: A variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of XSS possibilities with specially crafted input to a variety of fields. Impact: OMERO.web before 5.11.0 and OMERO.figure befo...
CVE-2021-41132
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
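Nearly every entry above reduces to one of two mistakes: a value reflected into HTML text without output encoding (laminas-form error messages, the Liferay and LibreNMS templates, OMERO's jQuery.html calls), or a value placed into a URL-valued attribute where encoding alone is not enough (the @joeattardi/emoji-button custom emoji URL). The following is an added example, not code from any of the listed projects or advisories; the function names, the resolution base URL and the payloads are constructed for illustration. It shows the vulnerable reflection beside its encoded form, and why the attribute case additionally needs a scheme allow-list.

```javascript
// Added example, not code from any project listed above. It shows the
// distinction the advisories turn on: output encoding for HTML text versus
// validation for URL-valued attributes. All names and payloads are constructed.

// Escape the characters that are significant in HTML text content and in
// double- or single-quoted attribute values. '&' goes first so that
// entities produced by the later replacements are not encoded twice.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern, as in the laminas-form entries: the submitted value is
// reflected into the validation message with no escaping.
function renderErrorUnsafe(fieldName, submitted) {
  return `<li class="error">The value "${submitted}" is not valid for ${fieldName}</li>`;
}

// Hardened form: every interpolated value is escaped for the HTML text context.
function renderErrorSafe(fieldName, submitted) {
  return `<li class="error">The value "${escapeHtml(submitted)}" is not valid for ${escapeHtml(fieldName)}</li>`;
}

// URL-valued attribute, as in the emoji-button custom emoji URL vector.
// Escaping is necessary but not sufficient: "javascript:alert(1)" contains
// nothing escapeHtml() would touch, so the scheme must be allow-listed too.
// The base URL used to resolve relative input is an assumption of this example.
function safeImageUrl(rawUrl) {
  let parsed;
  try {
    parsed = new URL(String(rawUrl), "https://assets.example.invalid/");
  } catch (e) {
    return null; // unparsable input is dropped rather than rendered
  }
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return null;
  // The WHATWG parser percent-encodes quotes and spaces in the path, which
  // defeats attribute break-outs such as `" onerror="`; escape the remainder.
  return escapeHtml(parsed.href);
}

function renderEmojiImg(rawUrl) {
  const url = safeImageUrl(rawUrl);
  return url === null ? "" : `<img src="${url}" alt="">`;
}

// Run constructed payloads through both renderers and return what survived,
// so a caller can inspect the results instead of reading console output.
function demo() {
  const textPayload = '"><script>alert(1)</script>';
  const urlPayload = 'https://cdn.example.invalid/e.png" onerror="alert(1)';
  return {
    unsafeHasScript: renderErrorUnsafe("email", textPayload).includes("<script>"),
    safeHasScript: renderErrorSafe("email", textPayload).includes("<script>"),
    jsUrlRendered: renderEmojiImg("javascript:alert(1)"),
    dataUrlRendered: renderEmojiImg("data:text/html,<script>alert(1)</script>"),
    breakoutRendered: renderEmojiImg(urlPayload),
  };
}

console.log(demo());
```

The jQuery.html hazard in the OMERO entries is the same shape as renderErrorUnsafe: markup built from untrusted input is handed to an HTML sink. Either escape as above before calling .html(), or use .text(), which sets the node's text content and never parses markup. Escaping is context-specific; the function here is correct for element content and quoted attribute values, not for values placed inside script blocks, CSS, or unquoted attributes, which need their own encoders.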