5082 matches found
CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
DEBIAN-CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
Design/Logic Flaw
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
UBUNTU-CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
CVE-2023-23942
CVE-2023-23942 affects the Nextcloud Desktop Client prior to 3.6.3. The issue is a lack of sanitisation on qml labels used for basic HTML elements (e.g., strong, em, head) in the UI, which may allow JavaScript injection. Affected versions:
CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
CVE-2023-23942
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
CVE-2023-23942 Self reflected HTML injection in Desktop client
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as strong, em and head lines in the UI of the desktop client. The lack of sanitisation...
Nextcloud 跨站脚本漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Desktop Client versions prior to 3.6.3, which stems from a lack of cleanup of qml tags, leading to...
CVE-2022-2546
The CVE-2022-2546 issue affects WordPress All-in-One WP Migration plugin < 7.63. The vulnerability arises from using the wrong content type and not properly escaping the ai1wm_export response, enabling an attacker to craft a request that, when submitted by a visitor, injects arbitrary HTML/Jav...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
bootstrap: XSS in the tooltip or popover data-template attribute
A cross-site scripting vulnerability was discovered in bootstrap. If an attacker could control the data given to tooltip or popover, they could inject HTML or Javascript into the rendered page when tooltip or popover events fired...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
Cross-site Scripting (XSS)
cakephp is vulnerable to Cross-Site Scripting. The vulnerability is due to a lack of sanitization of HTML elements in the development only missing route and duplicate named route error pages, which can lead to JavaScript injection...
CVE-2022-39813
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/jsecuritycheck via the jusername parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The...