Lucene search
+L

280 matches found

Snyk
Snyk
added 2024/10/01 3:42 p.m.5 views

Cross-site Scripting (XSS)

Overview NuGetGallery is a Core support library for NuGet Gallery Frontend and Backend. Affected versions of this package are vulnerable to Cross-site Scripting XSS through the handling of HTML element attributes. Details Cross-site scripting or XSS is a code vulnerability that occurs when an...

8.3CVSS5.3AI score0.00715EPSS
Exploits0References2
Veracode
Veracode
added 2024/08/30 12:49 p.m.16 views

Cross-site Scripting (XSS)

Typo3 is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper parsing of values assigned to HTML attributes in the frontend's typolink functionality and improper encoding of error messages in the backend's filelist module when renaming files...

6.5AI score
Exploits0
Veracode
Veracode
added 2024/07/09 6:14 a.m.12 views

Cross-Site Scripting (XSS)

railsadmin is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improperly-escaped HTML title attributes in the RailsAdmin list view, which can allow attackers to inject malicious scripts. Note: While 3.1.3 is the safe version, its recommended to upgrade to 3.1.4 as the 3.1.3...

6.8CVSS6AI score0.00579EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2024/07/05 8:5 a.m.10 views

Cross Site Scripting (XSS)

zendframework/zend-form is vulnerable to Cross Site Scripting XSS. The vulnerability is due to the use of the escapeHtml helper instead of escapeHtmlAttr, leading to improper escaping of HTML attributes. An attacker can exploit this by injecting malicious code through user data or JavaScript in...

6.6AI score
Exploits0
Veracode
Veracode
added 2024/06/27 7:39 p.m.9 views

Cross-site Scripting (XSS)

zendframework/zendframework is vulnerable to Cross-site Scripting XSS. The vulnerability is due to view helpers using escapeHtml instead of escapeHtmlAttr to escape HTML attributes, which can lead to potential XSS attack vectors when user data or JavaScript is used...

5.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/19 8:3 p.m.19 views

CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...

6.1CVSS5.6AI score0.00529EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/06/19 8:3 p.m.44 views

CVE-2024-38356 TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditableregexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from t...

6.1CVSS0.00529EPSS
Exploits0References5
Veracode
Veracode
added 2024/06/19 10:55 a.m.9 views

Cross-site Scripting (XSS)

zendframework/zend-view is vulnerable to cross-site scripting XSS. The vulnerability is due to many view helpers using escapeHtml instead of the more appropriate escapeHtmlAttr for escaping HTML attributes, which can lead to potential XSS attack vectors when user data and/or JavaScript is used to...

5.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2024/06/07 10:6 p.m.13 views

Zend-Navigation vulnerable to Cross-site Scripting

Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...

5.8AI score
Exploits0References3Affected Software1
OSV
OSV
added 2024/06/07 9:58 p.m.11 views

GHSA-GVPP-6JRJ-5PQC Zend-Form vulnerable to Cross-site Scripting

Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...

6.1CVSS5.8AI score
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/06/07 8:58 p.m.11 views

ZendFramework has potential Cross-site Scripting vector in multiple view helpers

Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...

5.8AI score
Exploits0References7Affected Software1
OSV
OSV
added 2024/06/07 8:58 p.m.5 views

GHSA-M7HR-J867-3F34 ZendFramework has potential Cross-site Scripting vector in multiple view helpers

Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...

6.1CVSS5.8AI score
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/06/07 8:4 p.m.27 views

Zendframework has potential Cross-site Scripting vector in multiple view helpers

Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...

5.8AI score
Exploits0References5Affected Software1
OSV
OSV
added 2024/05/31 3:15 p.m.16 views

MGASA-2024-0199 Updated python-jinja2 packages fix security vulnerabilities

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...

6.1CVSS6.2AI score0.00979EPSS
Exploits0References3
OSV
OSV
added 2024/05/30 9:6 p.m.22 views

GHSA-WP8J-C736-C5R3 TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors

It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability. As second and...

5.4CVSS6.1AI score
Exploits0References6
OSV
OSV
added 2024/05/28 1:28 p.m.9 views

USN-6787-1 jinja2 vulnerability

It was discovered that Jinja2 incorrectly handled certain HTML attributes that were accepted by the xmlattr filter. An attacker could use this issue to inject arbitrary HTML attribute keys and values to potentially execute a cross-site scripting XSS attack...

5.4CVSS6.9AI score0.00979EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2024/05/22 10:20 a.m.3 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2024/05/22 9:48 a.m.3 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/05/06 2:41 p.m.39 views

CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

5.4CVSS6.4AI score0.00979EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2024/05/06 12:0 a.m.25 views

Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

[email protected] reports: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate...

6.9AI score
Exploits0References1
Rows per page
Query Builder