445 matches found
EUVD-2020-0383
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
CVE-2020-8923
An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript XSS. Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the d...
Design/Logic Flaw
An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript XSS. Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the d...
CVE-2020-8923 XSS in Dart
An improper HTML sanitization in Dart versions up to and including 2.7.1 and dev versions 2.8.0-dev.16.0, allows an attacker leveraging DOM Clobbering techniques to skip the sanitization and inject custom html/javascript XSS. Mitigation: update your Dart SDK to 2.7.2, and 2.8.0-dev.17.0 for the d...
CVE-2020-8923
CVE-2020-8923 describes an XSS in Dart via improper HTML sanitization that can be bypassed using DOM Clobbering. Affected: Dart SDK up to 2.7.1 and dev versions 2.8.0-dev.16.0. Impact: attacker can inject custom HTML/JavaScript when user-provided data populates DOM nodes. Mitigation: upgrade to ...
Fedora: Security Advisory for rubygem-loofah (FEDORA-2020-1ebc4b8284)
The remote host is missing an update for the rubygem-loofah package (advisory FEDORA-2020-1ebc4b8284). Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for rubygem-loofah (FEDORA-2020-03c0964b6a)
The remote host is missing an update for the rubygem-loofah package (advisory FEDORA-2020-03c0964b6a). Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
GHSA-W2PF-G6R8-PG22 auth0-lock vulnerable to XSS via unsanitized placeholder property
Overview Auth0 Lock version 11.20.4 and earlier did not properly sanitize the generated HTML code. Customers using the additionalSignUpFields customization option to add a checkbox to the sign-up dialog that are passing a placeholder property obtained from an untrusted source e.g. a query paramet...
Cross-site scripting vulnerability in TinyMCE
Impact A cross-site scripting XSS vulnerability was discovered in: the core parser, paste and visualchars plugins. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are...
GHSA-27GM-GHR9-4V95 Cross-site scripting vulnerability in TinyMCE
Impact A cross-site scripting XSS vulnerability was discovered in: the core parser, paste and visualchars plugins. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are...
DRUPAL-CONTRIB-2020-002
The SpamSpan module obfuscates email addresses to help prevent spambots from collecting them. This module contains a spamspan twig filter which doesn't sanitize the passed HTML string. This vulnerability is mitigated by the fact that sites must have custom twig template files that use the SpamSpa...
Cross-Site Scripting
Overview All versions of atlasboard-atlassian-package prior to 0.4.2 are vulnerable to Cross-Site Scripting XSS. The package fails to properly sanitize user input that is rendered as HTML, which may allow attackers to execute arbitrary JavaScript in a victim's browser. This requires attackers bei...
Cross site scripting
A mutation cross-site scripting XSS issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML...
mybb -- multiple vulnerabilities
mybb Team reports: High risk: Installer RCE on settings file write Medium risk: Arbitrary upload paths and Local File Inclusion RCE Medium risk: XSS via insufficient HTML sanitization of Blog feed and Extend data Low risk: Open redirect on login Low risk: SCEditor reflected XSS...
PT-2019-14573 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.1 Description: The issue concerns the copying of the User-Agent HTTP header value into an HTML document as plain text between tags, leading to a potential XSS issue. Recommendations: For Dolibarr version 10.0.1, consider...
CVE-2009-5158
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text...
Hardcoded credentials
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text...
CVE-2009-5158
The CVE-2009-5158 entry concerns the WordPress plugin google-analyticator, affected in versions prior to 5.2.1. The underlying issue is insufficient HTML sanitization of Google Analytics API text, which enables a cross-site scripting (XSS) vulnerability. Multiple connected sources (Red Hat, CNVD,...