
457 matches found

OSV
added 2021/10/14 4:15 p.m. · 18 views

PYSEC-2021-379

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8 CVSS · 2 AI score · 0.01006 EPSS
Exploits 0 · References 3
CVE
added 2021/10/14 3:45 p.m. · 87 views

CVE-2021-41132

OMERO.web (web client/infrastructure) is vulnerable in versions before 5.11.0 due to improper HTML escaping in multiple templates and the use of jQuery.html(), enabling cross-site scripting (XSS) with crafted input. The issue affects OMERO.web before 5.11.0 (and related components per advisories)...

9.8 CVSS · 6.1 AI score · 0.01006 EPSS
Exploits 0 · References 3 · Affected Software 2
Cvelist
added 2021/10/14 3:45 p.m. · 26 views

CVE-2021-41132 Inconsistent input sanitisation leads to XSS vectors

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8 CVSS · 9 AI score · 0.01006 EPSS
Exploits 0 · References 3
OSV
added 2021/09/27 5:15 p.m. · 3 views

UBUNTU-CVE-2021-23445

This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...

6.1 CVSS · 6.2 AI score · 0.01837 EPSS
Exploits 1 · References 7
Node.js
added 2021/08/10 4:10 p.m. · 75 views

Cross-Site Scripting (XSS)

Overview: In affected versions of video.js, the src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. Recommendation: Upgrade to version 7.14.3 or later. References: CVE, GitHub Advisory...

4.3 CVSS · 4.1 AI score · 0.02587 EPSS
Exploits 1 · Affected Software 1
OSV
added 2021/08/10 4:9 p.m. · 0 views

GHSA-PP7M-6J83-M7R6 Cross-site Scripting in video.js

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

6.5 CVSS · 6.6 AI score · 0.02587 EPSS
Exploits 1 · References 9
Github Security Blog
added 2021/08/10 4:9 p.m. · 49 views

Cross-site Scripting in video.js

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

6.5 CVSS · 2.6 AI score · 0.02587 EPSS
Exploits 1 · References 9 · Affected Software 1
GithubExploit
added 2021/08/01 1:16 p.m. · 215 views

Exploit for Cross-site Scripting in Gitea

CVE-2021-28378 Details about this CVE here: https://www.cved...

5.4 CVSS · 7 AI score · 0.08762 EPSS
Exploits 2
OSV
added 2021/07/28 8:15 a.m. · 29 views

CVE-2021-23414

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

6.1 CVSS · 7.2 AI score
Exploits 0 · References 7
Prion
added 2021/07/28 8:15 a.m. · 23 views

Hardcoded credentials

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

4.3 CVSS · 8 AI score · 0.02587 EPSS
Exploits 1 · References 7 · Affected Software 2
CVE
added 2021/07/28 7:20 a.m. · 124 views

CVE-2021-23414

CVE-2021-23414 affects video.js prior to 7.14.3, where the src attribute of the track tag bypasses HTML escaping, enabling arbitrary code execution in contexts that use compromised Video.js. The Nessus entries tie Moodle installations (and other apps) to this CVE via Video.js; Fedora advisories m...

6.5 CVSS · 6.8 AI score · 0.02587 EPSS
Exploits 1 · References 7 · Affected Software 1
Cvelist
added 2021/07/28 7:20 a.m. · 26 views

CVE-2021-23414 Cross-site Scripting (XSS)

This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...

6.5 CVSS · 8.3 AI score · 0.02587 EPSS
Exploits 1 · References 7
CNNVD
added 2021/07/28 12:0 a.m. · 4 views

video.js cross-site scripting vulnerability

video.js is an application. A web video player built for the HTML5 world. A cross-site scripting vulnerability exists in video.js that allows bypassing HTML escaping and executing arbitrary code...

6.5 CVSS · 6 AI score · 0.02587 EPSS
Exploits 1 · References 11
Positive Technologies
added 2021/07/28 12:0 a.m. · 6 views

PT-2021-15503 · Video.Js +1

Name of the Vulnerable Software and Affected Versions: video.js versions prior to 7.14.3 Description: The issue allows bypassing HTML escaping and executing arbitrary code through the src attribute of the track tag. Recommendations: For versions prior to 7.14.3, update to version 7.14.3 or later ...

9.8 CVSS · 6.7 AI score · 0.02587 EPSS
Exploits 2 · References 58
Snyk
added 2021/07/26 2:19 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: video.js is a web video player built from the ground up for an HTML5 world. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. PoC by Snyk: The PoC triggers browser to...

6.5 CVSS · 6.6 AI score · 0.02587 EPSS
Exploits 1 · References 2
OSV
added 2021/06/28 4:46 p.m. · 22 views

GHSA-954C-JJX6-CXV7 Reflected XSS from the callback handler's error query parameter

Overview: Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...

8 CVSS · 6.7 AI score · 0.01403 EPSS
Exploits 0 · References 4
Github Security Blog
added 2021/06/28 4:46 p.m. · 58 views

Reflected XSS from the callback handler's error query parameter

Overview: Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...

8 CVSS · 1.9 AI score · 0.01403 EPSS
Exploits 0 · References 5 · Affected Software 1
OSV
added 2021/06/25 5:15 p.m. · 15 views

CVE-2021-32702

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...

6.1 CVSS · 6.5 AI score
Exploits 0 · References 3
Cvelist
added 2021/06/25 4:25 p.m. · 23 views

CVE-2021-32702 Reflected XSS from the callback handler's error query parameter

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...

8 CVSS · 8.1 AI score · 0.01403 EPSS
Exploits 0 · References 3
GitLab Advisory Database
added 2021/06/25 12:0 a.m. · 15 views

Cross-site Scripting

nextjs-auth0 lacks HTML escaping for error messages...

8 CVSS · 0.8 AI score · 0.01403 EPSS
Exploits 0 · References 1 · Affected Software 1