457 matches found
Cross-site Scripting
console-common is vulnerable to cross-site scripting XSS attacks. They are possible because it does not perform HTML escaping properly...
Regular Expression Denial Of Service (ReDoS)
onebox is vulnerable to regular expression denial of service DoS. The vulnerability is possible because it does not escape the image URLs parameter directly using as HTML...
CVE-2018-8046
The CVE-2018-8046 issue affects Sencha Ext JS 4–6 prior to 6.6.0. The getTip() method in Action Columns unescapes HTML-escaped data, enabling cross-site scripting if tooltips contain user-controlled content. Public information confirms vulnerability details and that a fix was released in 6.6.0 (w...
ALPINE-CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
DEBIAN-CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
Cross site scripting
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
UBUNTU-CVE-2018-0499
A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...
Forms Cross-Site Scripting Vulnerability
Forms is a tool for creating, parsing and validating forms in Node.js. A cross-site scripting vulnerability exists in Forms versions prior to 1.3.0, which stems from the program's failure to properly escape HTML and can be exploited by a remote attacker to inject arbitrary web script or HTML...
Cross site scripting
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting...
CVE-2018-1000162
Parsedown version prior to 1.7.0 contains a Cross Site Scripting XSS vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST...
CVE-2018-1000162
Parsedown version prior to 1.7.0 contains a Cross Site Scripting XSS vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST...
CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...
CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...
Cross site scripting
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...
CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...