Lucene search
K

40 matches found

OSV
OSV
added 2026/03/06 10:16 p.m.10 views

AZL-79604 CVE-2026-27142 affecting package gcc 11.2.0-9

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 10:16 p.m.8 views

AZL-79622 CVE-2026-27142 affecting package golang 1.26.0-1

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.6AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 10:16 p.m.7 views

AZL-79607 CVE-2026-27142 affecting package golang 1.25.7-1

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS7.2AI score0.00328EPSS
Exploits0References1
OSV
OSV
added 2026/03/06 10:16 p.m.8 views

UBUNTU-CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/03/06 9:28 p.m.2 views

CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.7AI score0.00328EPSS
Exploits0
CVE
CVE
added 2026/03/06 9:28 p.m.87 views

CVE-2026-27142

CVE-2026-27142 is disclosed as an issue where URLs inserted into the content attribute of HTML meta tags were not escaped, potentially enabling XSS when the meta tag has http-equiv="refresh". Public advisories (ALAS2-2026-3310, ALAS2-2026-3313, ALAS2-2026-3311, ALAS2023-2026-1771, etc.) link this...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/06 9:28 p.m.12 views

CVE-2026-27142

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

5.7AI score0.00328EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/06 9:28 p.m.23 views

CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

0.00328EPSS
Exploits0References4
OSV
OSV
added 2026/03/06 9:3 p.m.2 views

GO-2026-4603 URLs in meta content attribute actions are not escaped in html/template

Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...

6.1CVSS5.7AI score0.00328EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2024/03/27 10:36 a.m.24 views

Meta to abandon social media tracking tool CrowdTangle

On 14 March, Meta announced it would abandon CrowdTangle, saying the tool will no longer be available after August 14, 2024. While most people have never heard of CrowdTangle, among journalists the tool is considered essential. Its popularity largely depends on the ability to monitor social media...

7.2AI score
Exploits0
NVD
NVD
added 2024/03/07 7:15 a.m.16 views

CVE-2024-1419

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.7AI score0.00343EPSS
Exploits0References2
OSV
OSV
added 2024/03/07 7:15 a.m.6 views

CVE-2024-1419

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for...

5.4CVSS7.4AI score0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/03/07 12:0 a.m.7 views

PT-2024-18029 · WordPress · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including, 5.4.0 Description: The issue is related to Stored Cross-Site Scripting via the id attribute of the Header Meta Content widget due to insufficient input...

6.4CVSS8AI score0.00343EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2009/10/23 12:0 a.m.20 views

Alleycode HTML Editor Buffer Overflow Vulnerabilities

This host is installed with Alleycode HTML Editor and is prone to Buffer Overflow vulnerabilities. OpenVAS Vulnerability Test $Id: gballeycodehtmleditorbofvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Alleycode HTML Editor Buffer Overflow Vulnerabilities Authors: Sharath S Copyright: Copyright c...

9.3CVSS0.9AI score0.05902EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2009/10/23 12:0 a.m.19 views

Alleycode HTML Editor Buffer Overflow Vulnerabilities

Alleycode HTML Editor is prone to multiple buffer overflow vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS7AI score0.05902EPSS
Exploits1References2
NVD
NVD
added 2009/10/16 4:30 p.m.23 views

CVE-2009-3708

Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a 1 description or 2 keyword META tag. NOTE: the provenance of this information is unknown; the details ar...

9.3CVSS7.7AI score0.04487EPSS
Exploits0References2
Prion
Prion
added 2009/10/16 4:30 p.m.15 views

Stack overflow

Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag...

9.3CVSS8.5AI score0.05902EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2009/10/16 4:30 p.m.19 views

CVE-2009-3709

Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag...

9.3CVSS7.8AI score0.05902EPSS
Exploits1References4
CVE
CVE
added 2009/10/16 4:0 p.m.52 views

CVE-2009-3709

The CVE-2009-3709 entry concerns Alleycode HTML Editor 2.21 from Konae Technologies. A stack-based buffer overflow in the Meta Content Optimizer allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag. Public records (NVD/OpenVAS entries) confirm remote cod...

9.3CVSS7.8AI score0.05902EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2009/10/16 4:0 p.m.32 views

CVE-2009-3708

Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a 1 description or 2 keyword META tag. NOTE: the provenance of this information is unknown; the details ar...

7.7AI score0.04487EPSS
Exploits0References2
Rows per page
Query Builder