29 matches found
SUSE CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML, as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...
Shescape Security Vulnerability
Shescape is a simple open source shell escaping package for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. A security vulnerability exists in Shescape version 1.5.10 through versions prior to 1.6.1, which stems from the vulnerability of t...
Shescape Security Vulnerability
Shescape is a simple open source shell escaping package for JavaScript. Use it to escape user-controlled input to shell commands to prevent shell injection. A security vulnerability exists in versions of Shescape prior to 1.5.8, which stems from insufficient space-specific escaping on...
OneWeb: Cross-site scripting (DOM-based)
Issue detail: The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to $. The exploitability of this issue might depend on the specific version of jQuery that is being used. Issue background: DOM-based vulnerabilities arise when a...
Lxml Cross-Site Scripting Vulnerability
Lxml is software from an individual developer that works with Python to locate elements in HTML. Lxml suffers from a cross-site scripting vulnerability that arises from JavaScript escaping via a combination of noscript and style. The following products and versions are affected:...
[SECURITY] [DLA 2467-1] lxml security update
Debian LTS Advisory DLA-2467-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA November 26, 2020 https://wiki.debian.org/LTS ...
CVE-2019-3847
A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability, such as administrators/managers, can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped whe...
AZL-6806 CVE-2018-19787 affecting package python-lxml for versions less than 4.8.0-1
An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to...
UBUNTU-CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 have a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML, as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...