457 matches found
CVE-2021-32670
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
CVE-2021-32670
Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...
GHSA-C94V-8FFF-73PH Command Injection in @theia/messages
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...
Command Injection in @theia/messages
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...
GHSA-CWG9-C9CR-P5FQ Improper Neutralization of Input in Theia console
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...
Improper Neutralization of Input in Theia console
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...
Eclipse Theia Injection Vulnerability
Eclipse Theia is the Eclipse Foundation's set of Visual Studio Code-based open source integrated development environment for desktop and Web applications framework. An injection vulnerability exists in Eclipse Theia 0.16.0 and earlier versions, which stems from the absence of HTML escaping in...
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...
CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...
Code injection
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...
Design/Logic Flaw
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...
CVE-2021-28162
In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...
CVE-2021-28162
The vulnerability CVE-2021-28162 affects Eclipse Theia
CVE-2021-28161
In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...
CVE-2021-28161
The CVE-2021-28161 entry concerns Eclipse Theia prior to or including version 1.8.0, where the debug console does not escape HTML. This lack of escaping enables injection of arbitrary JavaScript code through the console, constituting a cross-site scripting risk. The vulnerability is tied to Theia...
Eclipse Theia 注入漏洞
Eclipse Theia is the Eclipse Foundation's set of Visual Studio Code-based open source integrated development environment for desktop and Web applications framework. An injection vulnerability exists in Eclipse Theia 0.16.0 and earlier versions, which stems from the absence of HTML escaping in...
Eclipse Theia 跨站脚本漏洞
Eclipse Theia is the Eclipse Foundation's set of Visual Studio Code-based open source integrated development environment for desktop and Web applications framework. A cross-site scripting vulnerability exists in Eclipse Theia 1.8.0 and prior versions, which stems from the absence of HTML escaping...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...