
129 matches found

CVE
added 2025/07/20 4:32 p.m. · 17 views

CVE-2025-7903

CVE-2025-7903 affects yangzongzhuan RuoYi up to version 4.8.1. The vulnerability lies in the Image Source Handler component, causing improper restriction of rendered UI layers. It is exploitable remotely and the exploit has been publicly disclosed. Remediation per PT-Security and Red Hat advisori...

CVSS 5.4 · AI score 4.8 · EPSS 0.0024
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2025/07/20 4:32 p.m. · 4 views

CVE-2025-7903 yangzongzhuan RuoYi Image Source ui layer

A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...

CVSS 5.3 · AI score 4.7 · EPSS 0.0024
Exploits 1 · References 4
CNNVD
added 2025/07/20 12:0 a.m. · 4 views

RuoYi security vulnerability

RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from an improper restriction of the rendering UI layer of the Image Source Handler component...

CVSS 5.4 · AI score 4.8 · EPSS 0.0024
Exploits 1 · References 5
Positive Technologies
added 2025/07/20 12:0 a.m. · 7 views

PT-2025-30208 · Yangzongzhuan · Ruoyi

Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1
Description: A problematic issue exists in yangzongzhuan RuoYi, specifically within the Image Source Handler component. This issue involves improper restriction of rendered UI layers and can be exploit...

CVSS 5.3 · AI score 4.6 · EPSS 0.0024
Exploits 1 · References 8
CVE
added 2025/06/04 4:32 p.m. · 182 views

CVE-2025-2336

CVE-2025-2336 concerns AngularJS ngSanitize: an improper sanitization flaw allows bypassing image source restrictions via the href and xlink:href attributes in SVG elements. The root cause is inadequate sanitization, which can lead to Content Spoofing and potentially degrade application performa...

CVSS 4.8 · AI score 6.7 · EPSS 0.00354
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 5:24 a.m. · 5 views

CVE-2023-52187

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions. This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...

CVSS 7.5 · AI score 7.8 · EPSS 0.00481
Exploits 0 · References 1
Veracode
added 2025/05/09 3:53 a.m. · 11 views

Content Spoofing

AngularJS is vulnerable to Content Spoofing. The vulnerability is due to improper sanitization of the 'href' and 'xlink:href' attributes in SVG elements, which allows attackers to bypass image source restrictions...

CVSS 4.8 · AI score 6.6 · EPSS 0.00375
Exploits 0 · References 6 · Affected Software 1
OSV
added 2025/04/29 5:15 p.m. · 6 views

CVE-2025-0716

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...

CVSS 4.8 · AI score 6.5 · EPSS 0.00375
Exploits 0 · References 2
Debian CVE
added 2025/04/29 4:26 p.m. · 4 views

CVE-2025-0716

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...

CVSS 4.8 · AI score 6 · EPSS 0.00375
Exploits 0
RedhatCVE
added 2025/04/28 2:59 p.m. · 9 views

CVE-2024-8372

Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...

CVSS 4.8 · AI score 4.9 · EPSS 0.00574
Exploits 1 · References 4
OSV
added 2025/04/16 10:15 p.m. · 2 views

UBUNTU-CVE-2025-43703

An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...

CVSS 6.1 · AI score 5.8 · EPSS 0.00194
Exploits 0 · References 4
Circl
added 2025/03/15 8:44 a.m. · 5 views

RHSA-2024:2204

creationtimestamp | type | source
---|---|---
2025-03-15 08:44:40+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7676...

AI score 4.8
Exploits 0 · References 1
RedhatCVE
added 2025/02/06 2:24 a.m. · 25 views

CVE-2025-22711

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS. This issue affects Image Source Control: from n/a through <= 2.29.0...

AI score 7.2 · EPSS 0.00246
Exploits 0 · References 1
NVD
added 2025/01/21 2:15 p.m. · 20 views

CVE-2025-22711

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS. This issue affects Image Source Control: from n/a through <= 2.29.0...

CVSS 7.1 · EPSS 0.00246
Exploits 0 · References 1
CVE
added 2025/01/21 1:57 p.m. · 55 views

CVE-2025-22711

CVE-2025-22711 is a reflected XSS in Image Source Control Lite (image-source-control-isc) for WordPress plugins, reported as an improper input neutralization during web page generation. Affected range: Image Source Control

CVSS 7.1 · AI score 7.2 · EPSS 0.00246
Exploits 0 · References 1
Cvelist
added 2025/01/21 1:57 p.m. · 39 views

CVE-2025-22711 WordPress Image Source Control Lite Plugin <= 2.29.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS. This issue affects Image Source Control: from n/a through <= 2.29.0...

CVSS 7.1 · EPSS 0.00246
Exploits 0 · References 1
CNNVD
added 2025/01/21 12:0 a.m. · 4 views

WordPress plugin Image Source Control cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

CVSS 7.1 · AI score 7.6 · EPSS 0.00246
Exploits 0 · References 2
Positive Technologies
added 2025/01/21 12:0 a.m. · 5 views

PT-2025-4641 · Unknown · Thomas Maier Image Source Control

Name of the Vulnerable Software and Affected Versions: Thomas Maier Image Source Control versions n/a through 2.29.0
Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables...

CVSS 7.1 · AI score 9.6 · EPSS 0.00246
Exploits 0 · References 5
NVD
added 2025/01/18 6:15 a.m. · 11 views

CVE-2024-13515

The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · EPSS 0.0035
Exploits 0 · References 4
Cvelist
added 2025/01/18 5:33 a.m. · 10 views

CVE-2024-13515 Image Source Control Lite – Show Image Credits and Captions <= 2.28.0 - Reflected Cross-Site Scripting

The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 6.1 · EPSS 0.0035
Exploits 0 · References 4