239 matches found

Cvelist
added 2024/12/12 12:3 p.m. · 11 views

CVE-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...

CVSS 5.4 · EPSS 0.00725
Exploits: 0 · References: 2
OSV
added 2024/10/05 1:15 a.m. · 1 views

CVE-2024-47845

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...

CVSS 8.2 · AI score 5.8
Exploits: 0 · References: 3
Cvelist
added 2024/10/05 12:9 a.m. · 11 views

CVE-2024-47845 CSS sanitizer used incorrectly, and is easily bypassed

Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection. This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2...

CVSS 6.9 · EPSS 0.00397
Exploits: 1 · References: 3
Veracode
added 2024/09/10 10:4 a.m. · 13 views

Improper Encoding (Escaping Of Output)

Apache Airflow is vulnerable to Improper Encoding Escaping of Output. The vulnerability is due to the example DAG example_inlet_event_extra.py allowing authenticated attackers with DAG trigger permissions to execute arbitrary commands...

CVSS 8.8 · AI score 7.5 · EPSS 0.01625
Exploits: 0 · References: 5 · Affected Software: 1
Veracode
added 2024/07/31 5:36 a.m. · 6 views

Cross-Site Scripting (XSS)

typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused due to improper encoding of editor input, allowing authenticated editors to inject arbitrary HTML...

AI score 6.3
Exploits: 0 · References: 2 · Affected Software: 1
Veracode
added 2024/06/19 11:10 a.m. · 18 views

Improper Encoding Or Escaping Of Output

php81 is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to insufficient escaping when using the proc_open command with array syntax, allowing malicious users to execute arbitrary commands in the Windows shell by supplying controlled arguments...

CVSS 8.8 · AI score 7.6 · EPSS 0.68573
Exploits: 3 · References: 7 · Affected Software: 3
Veracode
added 2024/06/05 9:44 a.m. · 5 views

Cross-site Scripting (XSS)

typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of user input, allowing authenticated editors to inject arbitrary HTML or JavaScript...

AI score 6.2
Exploits: 0
Veracode
added 2024/06/05 8:15 a.m. · 7 views

Cross-site Scripting (XSS)

typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of editor input in the search result view, allowing authenticated editors to inject arbitrary HTML...

AI score 6.4
Exploits: 0
Positive Technologies
added 2024/05/30 12:0 a.m. · 1 views

PT-2024-40148 · Packagist · Typo3/Cms-Core

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue arises from the failure to properly encode information from external sources. Specifically, the language pack handling in the install tool is susceptible to cross-site...

CVSS 6.1 · AI score 6.6
Exploits: 0 · References: 4
Veracode
added 2024/05/27 7:23 a.m. · 6 views

Cross-site Scripting (XSS)

silverstripe/framework is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding of validation messages in certain FormField classes, which can present invalid content as part of the validation response resulting in XSS...

AI score 6.7
Exploits: 0
OSV
added 2024/05/14 4:17 p.m. · 0 views

CVE-2024-34687

SAP NetWeaver Application Server for ABAP and ABAP Platform do not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker can control code that is executed within a user’s browser, which could result in modification, deletion of data, includin...

CVSS 9 · AI score 5.9 · EPSS 0.0013
Exploits: 0 · References: 2
Veracode
added 2024/04/12 5:18 p.m. · 20 views

Cross-site Scripting (XSS)

Apache Zeppelin is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper encoding or escaping of output in the helium module. An attacker can modify helium.json and perform attacks on normal users by injecting malicious scripts...

CVSS 6.1 · AI score 6.7 · EPSS 0.01512
Exploits: 0 · References: 5 · Affected Software: 1
Github Security Blog
added 2024/04/09 6:30 p.m. · 16 views

Apache Zeppelin vulnerable to cross-site scripting in the helium module

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. Attackers can modify helium.json and perform cross-site scripting attacks on normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the...

CVSS 6.1 · AI score 6.5 · EPSS 0.01512
Exploits: 0 · References: 6 · Affected Software: 1
Github Security Blog
added 2024/04/09 6:30 p.m. · 18 views

Improper escaping in Apache Zeppelin

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...

CVSS 9.8 · AI score 9.7 · EPSS 0.0115
Exploits: 0 · References: 6 · Affected Software: 1
Cvelist
added 2024/04/09 4:10 p.m. · 17 views

CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...

AI score 6 · EPSS 0.01512
Exploits: 0 · References: 2
Vulnrichment
added 2024/04/09 4:10 p.m. · 16 views

CVE-2024-31868 Apache Zeppelin: XSS vulnerability in the helium module

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can modify helium.json and exposure XSS attacks to normal users. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue...

AI score 5.8 · EPSS 0.01512
Exploits: 0 · References: 2
CVE
added 2024/04/09 4:10 p.m. · 54 views

CVE-2024-31868

CVE-2024-31868 affects Apache Zeppelin: improper encoding/escaping in the helium module enables cross-site scripting by modifying helium.json. Impact described as user-facing XSS; affects 0.8.2–0.11.0, fixed in 0.11.1. Remediation: upgrade to Zeppelin 0.11.1 or later. Other sources (Red Hat, Vera...

CVSS 6.1 · AI score 6 · EPSS 0.01512
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/04/09 4:9 p.m. · 16 views

CVE-2024-31866 Apache Zeppelin: Interpreter download command does not escape malicious code injection

Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH_OVERRIDES. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to...

AI score 9.7 · EPSS 0.0115
Exploits: 0 · References: 3
Positive Technologies
added 2024/04/09 12:0 a.m. · 1 views

PT-2024-24254 · Apache · Apache Zeppelin

Name of the Vulnerable Software and Affected Versions: Apache Zeppelin versions 0.8.2 through 0.11.0. Description: The issue is related to improper encoding or escaping of output, allowing attackers to execute shell scripts or malicious code by overriding configuration like ZEPPELIN_INTP_CLASSPATH...

CVSS 9.8 · AI score 9.5 · EPSS 0.0115
Exploits: 0 · References: 13
Prion
added 2024/01/09 10:15 p.m. · 11 views

Improper access control

Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the emai...

CVSS 5.8 · AI score 7 · EPSS 0.00217
Exploits: 0 · References: 1 · Affected Software: 1