4 matches found
PT-2026-54911
Name of the Vulnerable Software and Affected Versions Jodit Editor versions prior to 4.12.28 Description The built-in clean-html sanitizer can be bypassed using a MathML/ carrier. This technique hides dangerous elements from the sanitizer's element walk, allowing no-interaction event handlers to...
Cross-site Scripting (XSS)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS via the replaceCommandWithText function, by allowing user-controlled HTML from a prompt body to be passed to tempDiv.innerHTML without proper sanitization. An attacker can execute...
CVE-2022-4975
A flaw was found in the Red Hat Advanced Cluster Security RHACS portal. When rendering a table view in the portal, for example, on any of the /main/configmanagement/ endpoints, the front-end generates a DOM table-element id="pdf-table". This information is then populated with unsanitized data usi...
PT-2024-22797
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: gotortc is a camera streaming application. The index page index.html shows available streams by fetching the API on the client side, using Object.entries to iterate over the result, and appending...