
413 matches found

Prion
added 2022/04/05 6:15 p.m. (15 views)

Code injection

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...

CVSS 3.5 | AI score 5.6 | EPSS 0.00004
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2022/04/05 5:55 p.m. (12 views)

CVE-2022-28648

In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered...

CVSS 5.7 | AI score 6 | EPSS 0.00004
Exploits: 0 | References: 1

Microsoft KB
added 2022/03/22 12:0 a.m. (3 views)

March 22, 2022—KB5011558 (OS Build 20348.617) Preview

March 22, 2022—KB5011558 OS Build 20348.617 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find ou...

AI score 6.7
Exploits: 0

OSV
added 2022/02/12 12:0 a.m. (25 views)

GHSA-M6Q5-WV4X-FV6H Cross-site Scripting in Drupal Core

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 6.5 | EPSS 0.00223
Exploits: 0 | References: 8

Github Security Blog
added 2022/02/12 12:0 a.m. (26 views)

Cross-site Scripting in Drupal Core

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 3 | EPSS 0.00223
Exploits: 0 | References: 8 | Affected Software: 2

OSV
added 2022/02/11 4:15 p.m. (23 views)

CVE-2020-13668

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 1

OSV
added 2022/02/11 4:15 p.m. (1 views)

UBUNTU-CVE-2020-13668

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 6.1 | AI score 5.8 | EPSS 0.00223
Exploits: 0 | References: 3

Prion
added 2022/02/11 4:15 p.m. (15 views)

Security feature bypass

Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6...

CVSS 4.3 | AI score 6.2 | EPSS 0.00223
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2022/01/18 11:15 p.m. (1 views)

DEBIAN-CVE-2022-21690

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

CVSS 5.4 | AI score 6.5 | EPSS 0.00334
Exploits: 1 | References: 1

OSV
added 2022/01/18 11:15 p.m. (0 views)

UBUNTU-CVE-2022-21690

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

CVSS 8.7 | AI score 6.7 | EPSS 0.00334
Exploits: 1 | References: 4

PyPA
added 2022/01/18 11:15 p.m. (4 views)

PYSEC-2022-41

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

CVSS 8.7 | AI score 6.8 | EPSS 0.00334
Exploits: 1 | References: 2 | Affected Software: 1

Huntr
added 2022/01/03 7:55 a.m. (23 views)

Exposure of Sensitive Information to an Unauthorized Actor in hoppscotch/hoppscotch

Description Steal authorization token via xss and hijack attack Proof of Concept Using this attack, attacker can hijack account by stealing authorization header. I see there is team based collaboration exists, so one user can hack other user account using this bug. STEP -------- First host...

CVSS 6 | AI score 0.3 | EPSS 0.00393
Exploits: 1

NVD
added 2021/12/14 11:15 p.m. (13 views)

CVE-2021-43827

discourse-footnote is a library providing footnotes for posts in Discourse. Impact When posting an inline footnote wrapped in tags e.g. ^footnote, the resulting rendered HTML would include a nested , which is stripped by Nokogiri because it is not valid. This then caused a javascript error on top...

CVSS 4.3 | EPSS 0.00281
Exploits: 0 | References: 2

NVD
added 2021/11/03 6:15 p.m. (9 views)

CVE-2021-41134

nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting XSS issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs...

CVSS 8.7 | EPSS 0.00337
Exploits: 0 | References: 2

NVD
added 2021/06/11 3:15 p.m. (22 views)

CVE-2020-13688

Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0....

CVSS 6.1 | EPSS 0.0034
Exploits: 0 | References: 1

OSV
added 2021/06/11 3:15 p.m. (21 views)

CVE-2020-13688

Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0....

CVSS 6.1 | AI score 6.1
Exploits: 0 | References: 1

Prion
added 2021/06/11 3:15 p.m. (20 views)

Cross site scripting

Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0....

CVSS 4.3 | AI score 5.9 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/06/11 3:8 p.m. (20 views)

CVE-2020-13688

Cross-site scripting vulnerability in Drupal Core allows an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0....

AI score 6.1 | EPSS 0.0034
Exploits: 0 | References: 1

CVE
added 2021/06/11 3:8 p.m. (79 views)

CVE-2020-13688

CVE-2020-13688 is a Drupal Core cross-site scripting vulnerability affecting Drupal Core 8.8.x prior to 8.8.10, 8.9.x prior to 8.9.6, and 9.0.x prior to 9.0.6. Affected code path relates to HTML rendering for forms. Remediation implied by the fixed versions: upgrade to Drupal Core 8.8.10, 8.9.6, ...

CVSS 6.1 | AI score 6 | EPSS 0.0034
Exploits: 0 | References: 1 | Affected Software: 1

Debian CVE
added 2021/06/11 3:8 p.m. (27 views)

CVE-2020-13688

Removed by vendor...

CVSS 6.1 | AI score 6.2 | EPSS 0.0034
Exploits: 0