457 matches found
Design/Logic Flaw
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2021-3346
Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...
CVE-2021-3346
CVE-2021-3346 affects Foris before 101.1.1 as used in Turris OS, where the login template lacks certain HTML escaping. The consequence is a potential vulnerability due to insufficient input escaping in the login flow. The provided documents do not include explicit exploitation details, affected v...
Debian DLA-2526-1 : ruby-redcarpet security update
In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions, no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml option was being used. For Debian 9 stretch, this proble...
[SECURITY] [DLA 2526-1] ruby-redcarpet security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2526-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 15, 2021 https://wiki.debian.org/LTS -...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. This happens because no HTML escaping is being performed when processing quotes. This applies even when the :escapehtml option was being used in combination with :quote. Details Cross-site scripting or XSS is a...
CVE-2020-26298
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
DEBIAN-CVE-2020-26298
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
Cross site scripting
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
CVE-2020-26298
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
GHSA-Q3WR-QW3G-3P4H Injection/XSS in Redcarpet
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
Injection/XSS in Redcarpet
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
Vicent Martí Redcarpet Injection Vulnerability
Vicent Martí Redcarpet is a Rust-based codebase for parsing Markdown syntax by the individual developer Vicent Martí. An injection vulnerability exists in Redcarpet before version 3.5.1, which results from not performing HTML escaping when handling quotes...
CVE-2020-26298 Injection in Redcarpet
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
PT-2021-3541 · Redcarpet +1 · Redcarpet +1
Name of the Vulnerable Software and Affected Versions: Redcarpet versions prior to 3.5.1 Description: The issue is related to incorrect input sanitization in the Redcarpet library, which can enable a cross-site scripting attack. This is due to the lack of HTML escaping when processing quotes, eve...
CVE-2020-26298
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
CVE-2020-26298
CVE-2020-26298 affects the Redcarpet Ruby gem (rubygem-redcarpet) prior to 3.5.1, where HTML escaping was not performed for quotes, enabling a cross-site scripting (XSS) vector. The issue is fixed in version 3.5.1 (via the referenced commit); upgrading to 3.5.1 or newer mitigates the vulnerabilit...
Injection/XSS in Redcarpet
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...
DEBIAN-CVE-2020-25828
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...
CVE-2020-25828
An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...