13 matches found
SUSE CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68946
CVE-2025-68946 affects Gitea releases before 1.20.1, where a link can specify a forbidden URL scheme (e.g., javascript:) enabling XSS. The issue is fixed by upgrading to Gitea 1.20.1 or later (patch/markup module remediation noted in the linked advisories/releases). Practical impact is Cross‑Site...
EUVD-2024-0628
Malicious code in bioql PyPI...
Code injection
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...
Cross-site Scripting (XSS)
github.com/greenpau/caddy-security is vulnerable to Cross-site Scripting XSS via the Referer header. The vulnerability is due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for an attack...
Cross-site Scripting in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
GHSA-FF72-FF42-C3GW Cross-site Scripting in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
Cross site scripting
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
PT-2024-18911 · Unknown · Caddy-Security
Name of the Vulnerable Software and Affected Versions: github.com/greenpau/caddy-security versions all Description: The issue is related to Cross-site Scripting XSS via the Referer header, caused by improper input sanitization. Although some characters are escaped to prevent XSS, the sanitization...
Cross-site Scripting (XSS)
Overview github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that...