175 matches found
CVE-2024-34006
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...
CVE-2024-34006 moodle: unsanitized HTML in site log for config_log_created
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...
CVE-2024-34006 moodle: unsanitized HTML in site log for config_log_created
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...
PT-2024-25634 · Alt Linux +1 · Alt Linux +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns the site log report, which required additional encoding of event descriptions. This encoding is necessary to ensure that any HTML in the content is displayed in...
BIT-GITLAB-2023-5512 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect...
CVE-2023-5512
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect...
CVE-2023-5512
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect...
CVE-2023-5512 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect...
CVE-2023-5512
CVE-2023-5512 affects GitLab CE/EE and concerns file integrity being compromised when specific HTML encoding is used for file names, causing incorrect UI representations. Affected versions: 16.3–16.4.3, 16.5–16.5.3, and 16.6–16.6.1. Root cause is a UI/filename encoding issue; no exploit details a...
CVE-2023-5512
Removed by vendor...
CVE-2023-5512 Improper Control of Generation of Code ('Code Injection') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect...
GitLab 16.3 < 16.4.4 / 16.5 < 16.5.4 / 16.6 < 16.6.2 (CVE-2023-5512)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrit...
CVE-2023-6146
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details...
Cross site scripting
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details...
CVE-2023-6146
CVE-2023-6146 describes a stored cross-site scripting vulnerability in Qualys Web Application (QualysGuard VM/PC) where HTML encoding is omitted when displaying logging information. The root cause is the lack of HTML encoding in user-visible browser details, allowing a logged-in user to inject an...
CVE-2023-6146 Stored XSS Vulnerability in QualysGuard VM/PC
A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details...
CVE-2022-44787
An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page...
CVE-2022-44787
An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page...
Cross site scripting
An issue was discovered in Appalti & Contratti 9.12.2. The web applications are vulnerable to a Reflected Cross-Site Scripting issue. The idPagina parameter is reflected inside the server response without any HTML encoding, resulting in XSS when the victim moves the mouse pointer inside the page...