Lucene search
K

457 matches found

NVD
NVD
added 2021/06/07 10:15 p.m.26 views

CVE-2021-32670

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

7.2CVSS0.0096EPSS
Exploits0References5
OSV
OSV
added 2021/06/07 10:15 p.m.14 views

CVE-2021-32670

Datasette is an open source multi-tool for exploring and publishing data. The ?trace=1 debugging feature in Datasette does not correctly escape generated HTML, resulting in a reflected cross-site scripting vulnerability. This vulnerability is particularly relevant if your Datasette installation...

6.1CVSS6AI score
Exploits0References5
OSV
OSV
added 2021/05/10 3:36 p.m.15 views

GHSA-C94V-8FFF-73PH Command Injection in @theia/messages

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.1CVSS6.2AI score0.00776EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/05/10 3:36 p.m.42 views

Command Injection in @theia/messages

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.1CVSS2.1AI score0.00776EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/04/13 3:18 p.m.18 views

GHSA-CWG9-C9CR-P5FQ Improper Neutralization of Input in Theia console

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

6.1CVSS6.2AI score0.00708EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2021/04/13 3:18 p.m.48 views

Improper Neutralization of Input in Theia console

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

6.1CVSS2.4AI score0.00708EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2021/03/19 12:0 a.m.9 views

Eclipse Theia Injection Vulnerability

Eclipse Theia is the Eclipse Foundation's set of Visual Studio Code-based open source integrated development environment for desktop and Web applications framework. An injection vulnerability exists in Eclipse Theia 0.16.0 and earlier versions, which stems from the absence of HTML escaping in...

6.1CVSS7AI score0.00776EPSS
Exploits1References1
NVD
NVD
added 2021/03/12 10:15 p.m.13 views

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.1CVSS0.00776EPSS
Exploits1References1
NVD
NVD
added 2021/03/12 10:15 p.m.22 views

CVE-2021-28161

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

6.1CVSS0.00708EPSS
Exploits1References1
OSV
OSV
added 2021/03/12 10:15 p.m.11 views

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.1CVSS6.8AI score
Exploits0References1
Prion
Prion
added 2021/03/12 10:15 p.m.16 views

Code injection

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

4.3CVSS6.3AI score0.00708EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2021/03/12 10:15 p.m.13 views

Design/Logic Flaw

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

4.3CVSS6.2AI score0.00776EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/03/12 9:40 p.m.22 views

CVE-2021-28162

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run...

6.4AI score0.00776EPSS
Exploits1References1
CVE
CVE
added 2021/03/12 9:40 p.m.72 views

CVE-2021-28162

The vulnerability CVE-2021-28162 affects Eclipse Theia

6.1CVSS6.2AI score0.00776EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/03/12 9:40 p.m.33 views

CVE-2021-28161

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected...

6.5AI score0.00708EPSS
Exploits1References1
CVE
CVE
added 2021/03/12 9:40 p.m.76 views

CVE-2021-28161

The CVE-2021-28161 entry concerns Eclipse Theia prior to or including version 1.8.0, where the debug console does not escape HTML. This lack of escaping enables injection of arbitrary JavaScript code through the console, constituting a cross-site scripting risk. The vulnerability is tied to Theia...

6.1CVSS6.3AI score0.00708EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/03/12 12:0 a.m.1 views

Eclipse Theia 注入漏洞

Eclipse Theia is the Eclipse Foundation's set of Visual Studio Code-based open source integrated development environment for desktop and Web applications framework. An injection vulnerability exists in Eclipse Theia 0.16.0 and earlier versions, which stems from the absence of HTML escaping in...

6.1CVSS5.7AI score0.00776EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/03/12 12:0 a.m.6 views

Eclipse Theia 跨站脚本漏洞

Eclipse Theia is the Eclipse Foundation's set of Visual Studio Code-based open source integrated development environment for desktop and Web applications framework. A cross-site scripting vulnerability exists in Eclipse Theia 1.8.0 and prior versions, which stems from the absence of HTML escaping...

6.1CVSS5.3AI score0.00708EPSS
Exploits1References2
NVD
NVD
added 2021/01/29 5:15 p.m.15 views

CVE-2021-3346

Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...

9.8CVSS9.4AI score0.01594EPSS
Exploits0References3
OSV
OSV
added 2021/01/29 5:15 p.m.14 views

CVE-2021-3346

Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...

9.8CVSS6.7AI score
Exploits0References3
Rows per page
Query Builder