PYSEC-2021-379
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
CVE-2021-41132
OMERO.web (web client/infrastructure) is vulnerable in versions before 5.11.0 due to improper HTML escaping in multiple templates and the use of jQuery.html(), enabling cross-site scripting (XSS) with crafted input. The issue affects OMERO.web before 5.11.0 (and related components per advisories)...
CVE-2021-41132 Inconsistent input sanitisation leads to XSS vectors
OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...
UBUNTU-CVE-2021-23445
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped...
Cross-Site Scripting (XSS)
Overview In affected versions of video.js, the src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. Recommendation Upgrade to version 7.14.3 or later References - CVE - GitHub Advisory...
GHSA-PP7M-6J83-M7R6 Cross-site Scripting in video.js
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
Cross-site Scripting in video.js
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
Exploit for Cross-site Scripting in Gitea
CVE-2021-28378 Details about this CVE here https://www.cved...
CVE-2021-23414
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
Hardcoded credentials
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
CVE-2021-23414
CVE-2021-23414 affects video.js prior to 7.14.3, where the src attribute of the track tag bypasses HTML escaping, enabling arbitrary code execution in contexts that use compromised Video.js. The Nessus entries tie Moodle installations (and other apps) to this CVE via Video.js; Fedora advisories m...
CVE-2021-23414 Cross-site Scripting (XSS)
This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code...
video.js cross-site scripting vulnerability
video.js is an application. A web video player built for the HTML5 world. A cross-site scripting vulnerability exists in video.js that allows bypassing HTML escaping and executing arbitrary code...
PT-2021-15503 · Video.Js +1
Name of the Vulnerable Software and Affected Versions: video.js versions prior to 7.14.3 Description: The issue allows bypassing HTML escaping and executing arbitrary code through the src attribute of the track tag. Recommendations: For versions prior to 7.14.3, update to version 7.14.3 or later ...
Cross-site Scripting (XSS)
Overview video.js is a web video player built from the ground up for an HTML5 world. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. PoC by Snyk js The PoC triggers browser to...
GHSA-954C-JJX6-CXV7 Reflected XSS from the callback handler's error query parameter
Overview Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...
Reflected XSS from the callback handler's error query parameter
Overview Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are affected by this vulnerability ...
CVE-2021-32702
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...
CVE-2021-32702 Reflected XSS from the callback handler's error query parameter
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...
Cross-site Scripting
nextjs-auth0 lacks HTML escaping for error messages...