365 matches found
IBM Aspera Shares 安全漏洞
IBM Aspera Shares is a Web application from International Business Machines IBM. IBM Aspera Shares suffers from an HTML injection vulnerability. The vulnerability stems from the application's lack of valid filtering and escaping of user-supplied data, which can be exploited by an attacker to inje...
The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge allows a hacker to bypass existing security restrictions and perform a substitution of the user interface.
The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge relates to the bypassing of authentication processes through spoofing techniques. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions and replace the use...
CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
CVE-2023-23913
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method,...
LangChain < 0.1.0 SSRF
The version of LangChain installed on the remote host is prior to 0.1.0. It is, therefore, affected by a SSRF vulnerability. An attacker in control of the contents of 'https://example.com' could place a malicious HTML file in there with links like 'https://example.completely.different/myfile.html...
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Summary Due to insufficient validation on the content of new FAQ posts, it is possible for authenticated users to inject malicious HTML or JavaScript code that can impact other users viewing the FAQ. This vulnerability arises when user-provided inputs in FAQ entries are not sanitized or escaped...
phpMyFAQ 安全漏洞
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A security vulnerability exists in phpMyFAQ version 3.2.10 up to and including version 4.0.2, which stems from malicious HTML content that can be injected into the FAQ editor, corrupting the...
CVE-2024-56508
The CVE-2024-56508 entry describes a file upload vulnerability in LinkAce prior to v1.15.6 within the Import Bookmarks function. Malicious HTML files can be uploaded containing JavaScript payloads that execute when the uploaded links are accessed, enabling potential reflected or persistent XSS. T...
CVE-2024-41752
CVE-2024-41752 affects IBM Cognos Analytics. The vulnerability is an HTML injection in IBM Cognos Analytics versions 11.2.0–11.2.4 and 12.0.0–12.0.3, which could allow a remote attacker to inject HTML that renders in a victim’s browser under the hosting site’s security context. The connected IBM ...
GHSA-HFF8-HJWV-J9Q7 Remote Code Execution on click of <a> Link in markdown preview
Summary There is a vulnerability in Joplin-desktop that leads to remote code execution RCE when a user clicks on an link within untrusted notes. The issue arises due to insufficient sanitization of tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML...
ComfyUI 跨站脚本漏洞
ComfyUI is one of the most powerful and modular diffusion model GUI and backend for comfyanonymous individual developers. A cross-site scripting vulnerability exists in ComfyUI version 0.2.2 and prior versions, which can be exploited by an attacker to cause arbitrary JavaScript code to be execute...
Cross-Site Scripting (XSS)
dev-lancer/minecraft-motd-parser is vulnerable to cross-site scripting XSS. The vulnerability is due to the lack of proper input validation and sanitization in the HtmlGenerator class, allowing attackers to inject malicious HTML into a web page through a malformed Minecraft server MOTD...
Cross Site Scripting(XSS)
github.com/alist-org/alist is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to inadequate input validation in the /i/:linkname endpoint, which fails to sanitize user-provided values, allowing malicious HTML tags to be executed in the application context...
The vulnerability of the Extensions component in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user interface.
The vulnerability of the Extensions component in Google Chrome and Microsoft Edge is related to improper security checks for standard elements. Exploiting this vulnerability could allow a malicious actor to replace the user interface with a specially created HTML page...
Cross-site Scripting (XSS)
Mautic is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the ability of an attacker to edit a Mautic form, allowing them to insert malicious HTML that can steal sensitive information from the user's current session...
PT-2024-6158
Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue is related to a Windows MSHTML platform spoofing vulnerability, which allows attackers to execute arbitrary code remotely. This vulnerability has been exploited by the...
CVE-2024-41706
A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers...
Cross Site Scripting (XSS)
socalnick/scn-social-auth is vulnerable to Cross Site Scripting XSS. The vulnerability is due to not escaping the URL parameter "redirect," allowing an attacker to inject malicious HTML and execute arbitrary code...
Silverstripe XSS vulnerability via VirtualPage
A cross-site scripting vulnerability has been discovered in the VirtualPage class. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the textfields of a page which a VirtualPage refers to. This has been resolved by ensuring that...