Lucene search
K

457 matches found

Veracode
Veracode
added 2019/01/15 8:56 a.m.31 views

Cross-site Scripting

console-common is vulnerable to cross-site scripting XSS attacks. They are possible because it does not perform HTML escaping properly...

5.8CVSS5.2AI score0.11515EPSS
Exploits0References15Affected Software1
Veracode
Veracode
added 2018/09/05 2:40 a.m.8 views

Regular Expression Denial Of Service (ReDoS)

onebox is vulnerable to regular expression denial of service DoS. The vulnerability is possible because it does not escape the image URLs parameter directly using as HTML...

6.6AI score
Exploits0
CVE
CVE
added 2018/07/05 8:0 p.m.135 views

CVE-2018-8046

The CVE-2018-8046 issue affects Sencha Ext JS 4–6 prior to 6.6.0. The getTip() method in Action Columns unescapes HTML-escaped data, enabling cross-site scripting if tooltips contain user-controlled content. Public information confirms vulnerability details and that a fix was released in 6.6.0 (w...

6.1CVSS5.8AI score0.67014EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/07/02 12:29 p.m.2 views

ALPINE-CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1CVSS6.2AI score0.01452EPSS
Exploits0References1
OSV
OSV
added 2018/07/02 12:29 p.m.1 views

DEBIAN-CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1CVSS5.7AI score0.01452EPSS
Exploits0References1
Prion
Prion
added 2018/07/02 12:29 p.m.15 views

Cross site scripting

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

4.3CVSS5.8AI score0.01452EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2018/07/02 12:29 p.m.3 views

CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added 2018/07/02 12:0 p.m.19 views

CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

5.8AI score0.01452EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/07/02 12:0 p.m.18 views

CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1CVSS1.4AI score0.01452EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2018/07/02 12:0 p.m.25 views

CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1CVSS5.9AI score0.01452EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/07/02 12:0 a.m.17 views

CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1CVSS6.6AI score0.01452EPSS
Exploits0References4
OSV
OSV
added 2018/07/02 12:0 a.m.2 views

UBUNTU-CVE-2018-0499

A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escaping by Xapian::MSet::snippet...

6.1CVSS5.7AI score0.01452EPSS
Exploits0References5
CNVD
CNVD
added 2018/06/15 12:0 a.m.5 views

Forms Cross-Site Scripting Vulnerability

Forms is a tool for creating, parsing and validating forms in Node.js. A cross-site scripting vulnerability exists in Forms versions prior to 1.3.0, which stems from the program's failure to properly escape HTML and can be exploited by a remote attacker to inject arbitrary web script or HTML...

6.1CVSS5.8AI score0.00848EPSS
Exploits0References1
Prion
Prion
added 2018/06/04 7:29 p.m.15 views

Cross site scripting

Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting...

4.3CVSS6AI score0.00848EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/04/18 7:29 p.m.17 views

CVE-2018-1000162

Parsedown version prior to 1.7.0 contains a Cross Site Scripting XSS vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST...

6.1CVSS6.2AI score0.012EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/18 7:0 p.m.24 views

CVE-2018-1000162

Parsedown version prior to 1.7.0 contains a Cross Site Scripting XSS vulnerability in setMarkupEscaped for escaping HTML that can result in JavaScript code execution. This attack appears to be exploitable via specially crafted markdown that allows it to side step HTML escaping by breaking AST...

6.2AI score0.012EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2018/03/01 11:29 p.m.26 views

CVE-2017-6927

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...

6.1CVSS6.8AI score0.01705EPSS
Exploits0References2
NVD
NVD
added 2018/03/01 11:29 p.m.18 views

CVE-2017-6927

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...

6.1CVSS6AI score0.01705EPSS
Exploits0References4
Prion
Prion
added 2018/03/01 11:29 p.m.20 views

Cross site scripting

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...

4.3CVSS6.1AI score0.01705EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2018/03/01 11:29 p.m.26 views

CVE-2017-6927

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...

6.1CVSS6.2AI score
Exploits0References4
Rows per page
Query Builder