457 matches found

RedHat Linux
added 2013/10/22 5:13 p.m., 3 views

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

CVSS 2.6, AI score 6.8, EPSS 0.03756
Exploits 0, References 5
RedHat Linux
added 2013/10/17 5:31 p.m., 1 view

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

CVSS 2.6, AI score 6.8, EPSS 0.03756
Exploits 0, References 5
GitLab Advisory Database
added 2012/08/10 12:0 a.m., 48 views

Potential XSS Vulnerability in Ruby on Rails

The HTML escaping code in Ruby on Rails does not escape all potentially dangerous characters. In particular the code does not escape the single quote character. The helpers used in Rails itself never use single quotes, so most applications are unlikely to be vulnerable, however all users running ...

CVSS 4.3, AI score 1.6, EPSS 0.02568
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2012/08/10 12:0 a.m., 50 views

FreeBSD : rubygem-rails -- multiple vulnerabilities (31db9a18-e289-11e1-a57d-080027a27dbf)

Rails core team reports: This version contains three important security fixes, please upgrade immediately. One of the security fixes impacts all users and is related to HTML escaping code. The other two fixes impact people using select_tag's prompt option and strip_tags helper from ActionPack...

CVSS 4.3, AI score 7.1, EPSS 0.02568
Exploits 2, References 8
FreeBSD
added 2012/08/08 12:0 a.m., 91 views

rubygem-rails -- multiple vulnerabilities

Rails core team reports: This version contains three important security fixes, please upgrade immediately. One of the security fixes impacts all users and is related to HTML escaping code. The other two fixes impact people using select_tag's prompt option and strip_tags helper from ActionPack...

CVSS 4.3, AI score 5.8, EPSS 0.02568
Exploits 2, References 4
Tenable Nessus
added 2012/01/26 12:0 a.m., 15 views

Fedora 15 : rubygem-actionpack-3.0.5-5.fc15 (2012-0626)

A cross-site scripting (XSS) flaw was found in the way the 'translate' helper method of Ruby on Rails performed HTML escaping of interpolated user input, when interpolation in combination with HTML-safe translations was used. This release fixes the bug. Note that Tenable Network Security has...

AI score 5
Exploits 0, References 2
RedHat Linux
added 2008/07/23 11:59 p.m., 2 views

Firefox file location escaping flaw

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename...

CVSS 4.3, AI score 5.8, EPSS 0.01349
Exploits 1, References 4
ATTACKERKB
added 2008/07/07 11:41 p.m., 1 view

CVE-2008-2808

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename...

CVSS 4.3, AI score 5.4, EPSS 0.01349
Exploits 1, References 45
Prion
added 2008/07/07 11:41 p.m., 16 views

Cross site scripting

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename...

CVSS 4.3, AI score 5.9, EPSS 0.01349
Exploits 1, References 44, Affected Software 3
RedHat Linux
added 2008/07/02 12:21 p.m., 3 views

Firefox file location escaping flaw

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename...

CVSS 4.3, AI score 5.8, EPSS 0.01349
Exploits 1, References 4
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 2 views

w3m Vulnerability of Unauthorized Access to Files or Cookies

Overview: w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies. Impact: A remote attacker could access files and cookies. Solution: Please refer to the 'Vendor Information' section for official remediation and take...

CVSS 5, AI score 6.5, EPSS 0.02027
Exploits 0, References 7
Prion
added 2007/04/06 12:19 a.m., 15 views

Cross site scripting

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...

CVSS 6.8, AI score 7.3, EPSS 0.0504
Exploits 1, References 10, Affected Software 1
Cvelist
added 2007/04/06 12:0 a.m., 28 views

CVE-2007-1878

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.03 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome, as...

AI score 6.9, EPSS 0.0504
Exploits 1, References 10
OSV
added 2007/04/03 12:19 a.m., 1 view

DEBIAN-CVE-2007-1840

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting (XSS)...

CVSS 4.3, AI score 6.3, EPSS 0.01321
Exploits 0, References 1
securityvulns
added 2004/08/25 12:0 a.m., 50 views

[SECURITY] [DSA 541-1] New icecast-server packages fix cross site scripting

Debian Security Advisory DSA 541-1 [email protected] http://www.debian.org/security/ Martin Schulze August 24th, 2004 http://www.debian.org/security/faq ...

CVSS 4.3, AI score 0.6, EPSS 0.01235
Exploits 0
Tenable Nessus
added 2004/08/18 12:0 a.m., 242 views

Mozilla Firefox < 2.0.0.15 Multiple Vulnerabilities

Binary data 4567.prm...

CVSS 10, AI score 7.3, EPSS 0.13949
Exploits 2, References 26
OSV
added 2003/02/12 12:0 a.m., 2 views

DSA-250 w3mmee-ssl - missing HTML quoting

Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send their local cookies...

AI score 7
Exploits 0