Lucene search
K

457 matches found

Prion
Prion
added 2021/01/29 5:15 p.m.16 views

Design/Logic Flaw

Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...

7.5CVSS9.3AI score0.01594EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/01/29 4:38 p.m.23 views

CVE-2021-3346

Foris before 101.1.1, as used in Turris OS, lacks certain HTML escaping in the login template...

9.6AI score0.01594EPSS
Exploits0References3
CVE
CVE
added 2021/01/29 4:38 p.m.48 views

CVE-2021-3346

CVE-2021-3346 affects Foris before 101.1.1 as used in Turris OS, where the login template lacks certain HTML escaping. The consequence is a potential vulnerability due to insufficient input escaping in the login flow. The provided documents do not include explicit exploitation details, affected v...

9.8CVSS9.3AI score0.01594EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/01/20 12:0 a.m.26 views

Debian DLA-2526-1 : ruby-redcarpet security update

In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions, no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml option was being used. For Debian 9 stretch, this proble...

6.8CVSS6.1AI score0.0157EPSS
Exploits0References4
Debian
Debian
added 2021/01/15 10:34 a.m.26 views

[SECURITY] [DLA 2526-1] ruby-redcarpet security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2526-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta January 15, 2021 https://wiki.debian.org/LTS -...

6.8CVSS5.9AI score0.0157EPSS
Exploits0
Snyk
Snyk
added 2021/01/12 8:49 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. This happens because no HTML escaping is being performed when processing quotes. This applies even when the :escapehtml option was being used in combination with :quote. Details Cross-site scripting or XSS is a...

8.3CVSS5.4AI score0.0157EPSS
Exploits0References2
OSV
OSV
added 2021/01/11 7:15 p.m.23 views

CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

5.4CVSS6AI score
Exploits0References9
OSV
OSV
added 2021/01/11 7:15 p.m.1 views

DEBIAN-CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

5.4CVSS5.7AI score0.0157EPSS
Exploits0References1
Prion
Prion
added 2021/01/11 7:15 p.m.11 views

Cross site scripting

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

3.5CVSS5.3AI score0.0157EPSS
Exploits0References9Affected Software2
UbuntuCve
UbuntuCve
added 2021/01/11 7:15 p.m.23 views

CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8CVSS6.7AI score0.0157EPSS
Exploits0References5
OSV
OSV
added 2021/01/11 7:6 p.m.26 views

GHSA-Q3WR-QW3G-3P4H Injection/XSS in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8CVSS5.7AI score0.0157EPSS
Exploits0References12
Github Security Blog
Github Security Blog
added 2021/01/11 7:6 p.m.48 views

Injection/XSS in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8CVSS5.8AI score0.0157EPSS
Exploits0References11Affected Software1
CNNVD
CNNVD
added 2021/01/11 12:0 a.m.5 views

Vicent Martí Redcarpet Injection Vulnerability

Vicent Martí Redcarpet is a Rust-based codebase for parsing Markdown syntax by the individual developer Vicent Martí. An injection vulnerability exists in Redcarpet before version 3.5.1, which results from not performing HTML escaping when handling quotes...

6.8CVSS6.5AI score0.0157EPSS
Exploits0References13
Cvelist
Cvelist
added 2021/01/11 12:0 a.m.19 views

CVE-2020-26298 Injection in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8CVSS5.8AI score0.0157EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2021/01/11 12:0 a.m.2 views

PT-2021-3541 · Redcarpet +1 · Redcarpet +1

Name of the Vulnerable Software and Affected Versions: Redcarpet versions prior to 3.5.1 Description: The issue is related to incorrect input sanitization in the Redcarpet library, which can enable a cross-site scripting attack. This is due to the lack of HTML escaping when processing quotes, eve...

6.8CVSS5.5AI score0.01807EPSS
Exploits0References52
Debian CVE
Debian CVE
added 2021/01/11 12:0 a.m.16 views

CVE-2020-26298

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8CVSS6AI score0.0157EPSS
Exploits0
CVE
CVE
added 2021/01/11 12:0 a.m.113 views

CVE-2020-26298

CVE-2020-26298 affects the Redcarpet Ruby gem (rubygem-redcarpet) prior to 3.5.1, where HTML escaping was not performed for quotes, enabling a cross-site scripting (XSS) vector. The issue is fixed in version 3.5.1 (via the referenced commit); upgrading to 3.5.1 or newer mitigates the vulnerabilit...

6.8CVSS5.2AI score0.0157EPSS
Exploits0References9Affected Software1
RubySec
RubySec
added 2021/01/11 12:0 a.m.27 views

Injection/XSS in Redcarpet

Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the :escapehtml opti...

6.8CVSS2.5AI score0.0157EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/09/27 9:15 p.m.1 views

DEBIAN-CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

6.1CVSS6.8AI score0.01089EPSS
Exploits0References1
OSV
OSV
added 2020/09/27 9:15 p.m.19 views

CVE-2020-25828

An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message.parse doesn't escape HTML. This affects both message contents which are generally safe and the parameters which can be based on user input. When jqueryMsg is loaded...

6.1CVSS6.6AI score
Exploits0References4
Rows per page
Query Builder