160 matches found

Github Security Blog
added 2025/05/15 9:31 p.m. | 11 views

tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting

The tarteaucitron-wp WordPress plugin before 0.3.0 allows author level and above users to add HTML into a post/page, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 6 | EPSS 0.0014
Exploits 1 | References 3 | Affected Software 1
Vulnrichment
added 2025/05/07 2:20 p.m. | 8 views

CVE-2025-47626 WordPress Submission DOM tracking for Contact Form 7 plugin <= 2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in apasionados Submission DOM tracking for Contact Form 7 (cf7-submission-dom-tracking) allows Stored XSS. This issue affects Submission DOM tracking for Contact Form 7: from n/a through 2.1...

CVSS 5.9 | AI score 8.6 | EPSS 0.00153
Exploits 0 | References 1
OSV
added 2025/04/03 2:10 p.m. | 3 views

BIT-JOOMLA-2020-13763

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...

CVSS 7.5 | AI score 7 | EPSS 0.00011
Exploits 0 | References 2
RedHat Linux
added 2025/02/11 2:58 p.m. | 4 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 | AI score 6.6 | EPSS 0.3466
Exploits 6 | References 6
RedhatCVE
added 2025/02/06 3:57 a.m. | 8 views

CVE-2021-39202

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the cust...

CVSS 7.6 | AI score 5.6 | EPSS 0.00817
Exploits 0 | References 1
RedhatCVE
added 2025/02/05 2:58 p.m. | 6 views

CVE-2020-15139

In MyBB before version 1.8.24, the custom MyCode BBCode for the visual editor doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. The weakness can be exploited by pointing a victim to a page where the visual editor is active, e.g. as a post or Private...

CVSS 8.8 | AI score 6 | EPSS 0.00593
Exploits 0 | References 5
CVE
added 2024/11/25 6:44 p.m. | 50 views

CVE-2024-32468

Deno (Rust-based runtime) with deno_doc HTML generator vulnerabilities: XSS in generated search_index.js where innerHTML is used on unsanitized HTML, and XSS via unsanitized property, method, and enum names. This affects the deno_doc component and could enable Self-XSS when using deno doc --html...

CVSS 5.4 | AI score 5.4 | EPSS 0.00091
Exploits 0 | References 2
Vulnrichment
added 2024/11/25 6:44 p.m. | 9 views

CVE-2024-32468 Improper neutralization of input during web page generation ("Cross-site Scripting") in deno_doc HTML generator

Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the deno_doc crate which led to Self-XSS with deno doc --html. 1. XSS in generated search_index.js: deno_doc outputs a JavaScript file for searching. However, the generated file...

CVSS 5.4 | AI score 5.7 | EPSS 0.00091
Exploits 0 | References 2
Rosalinux
added 2024/10/03 10:17 p.m. | 24 views

Advisory ROSA-SA-2024-2499

Software: python-setuptools 39.2.0 OS: ROSA Virtualization 2.1 packageevrstring: python-setuptools-39.2.0-8.rv3 CVE-ID: CVE-2022-40897 BDU-ID: 2023-02445 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the Python Packaging Authority package installation tools is related to insufficient input...

CVSS 8.8 | AI score 7.6 | EPSS 0.07521
Exploits 1
Debian
added 2024/09/02 8:14 p.m. | 13 views

[SECURITY] [DLA 3862-1] calibre security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3862-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 02, 2024 https://wiki.debian.org/LTS -...

CVSS 7.5 | AI score 6.9 | EPSS 0.00567
Exploits 2
Tenable Nessus
added 2024/09/02 12:00 a.m. | 16 views

Debian dla-3862 : calibre - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3862 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3862-1 [email protected]...

CVSS 7.5 | AI score 7.3 | EPSS 0.00567
Exploits 2 | References 6
CNNVD
added 2024/07/07 12:00 a.m. | 2 views

Devika Cross-Site Scripting Vulnerability

Stition Devika is an advanced AI software engineer from Stition USA that understands advanced human commands, breaks them down into steps, researches relevant information, and writes code to achieve a given goal. Devika suffers from a cross-site scripting vulnerability that stems from improper...

CVSS 8.1 | AI score 6.2 | EPSS 0.00255
Exploits 1 | References 4
Positive Technologies
added 2024/06/25 12:00 a.m. | 1 views

PT-2024-22599 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p7; Checkmk versions prior to 2.2.0p28. Description: The issue allows users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation pop-up. This is a...

CVSS 5.4 | AI score 6.5 | EPSS 0.00959
Exploits 0 | References 6
Veracode
added 2024/05/24 7:45 a.m. | 10 views

Cross Site Scripting (XSS)

silverstripe/cms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper escaping of HTML input in the textfields of pages referred to by VirtualPage, which allows an attacker to inject and execute arbitrary JavaScript in the browser...

AI score 6.8
Exploits 0
OSV
added 2024/03/15 8:15 p.m. | 1 views

DEBIAN-CVE-2024-27351

In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words method with html=True and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because ...

CVSS 5.3 | AI score 6.5 | EPSS 0.02611
Exploits 0 | References 1
OSV
added 2024/03/06 11:02 a.m. | 9 views

BIT-PRESTASHOP-2024-21627 Some attribute not escaped in Validate::isCleanHTML method

PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this...

CVSS 8.1 | AI score 6.5 | EPSS 0.0095
Exploits 0 | References 4
OSV
added 2024/03/04 4:14 p.m. | 0 views

USN-6674-2 python-django vulnerability

USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause...

CVSS 5.3 | AI score 6.8 | EPSS 0.02611
Exploits 0 | References 2
Veracode
added 2024/02/21 9:24 a.m. | 14 views

Arbitrary File Read

electron-pdf is vulnerable to Arbitrary File Read. The vulnerability is due to improper input validation of the HTML content, allowing an attacker to remotely obtain arbitrary local files by injecting malicious HTML content...

CVSS 7.5 | AI score 6.6 | EPSS 0.0024
Exploits 1 | References 3 | Affected Software 1
OSV
added 2024/02/20 1:15 a.m. | 1 views

CVE-2024-1647

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...

CVSS 7.5 | AI score 5.8
Exploits 0 | References 2
CNNVD
added 2024/02/20 12:00 a.m. | 1 views

Electron-PDF Security Vulnerability

Electron-PDF is a powerful command line tool from individual developer Fraser Xu. A security vulnerability exists in Electron-PDF version 20.0.0, which stems from a failure to validate the HTML content of user input, allowing an attacker to obtain arbitrary local files...

CVSS 7.5 | AI score 6.6 | EPSS 0.0024
Exploits 1 | References 3