Lucene search
+L

55 matches found

redhat
redhat
added 2020/09/23 4:12 p.m.4 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
ptsecurity
ptsecurity
added 2020/09/03 12:0 a.m.6 views

PT-2020-10876 · Twitter · Bootstrap-Select

Name of the Vulnerable Software and Affected Versions: bootstrap-select versions prior to 1.13.6 Description: The issue allows Cross-Site Scripting XSS due to the failure to escape title values in OPTION elements. This may enable attackers to execute arbitrary JavaScript in a victim's browser...

6.1CVSS6.5AI score0.01738EPSS
Exploits0References14
redhat
redhat
added 2020/08/04 2:2 p.m.9 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
nvd
nvd
added 2020/06/08 2:15 p.m.21 views

CVE-2020-7676

angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping "" elements in "" ones changes parsing behavior, leading to possibly unsanitizing code...

5.4CVSS6.2AI score0.02142EPSS
Exploits0References12
snyk
snyk
added 2020/05/19 9:0 p.m.5 views

Cross-site Scripting (XSS)

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The regex-based input HTML replacement may turn sanitized code into unsanitized one. Wrapping elements in ones changes parsing...

5.4CVSS5.4AI score0.02142EPSS
Exploits0References2
osv
osv
added 2020/04/29 9:15 p.m.1 views

DEBIAN-CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.1CVSS6.4AI score0.8383EPSS
Exploits6References1
osv
osv
added 2020/04/29 9:15 p.m.4 views

UBUNTU-CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.9CVSS6.7AI score0.8383EPSS
Exploits6References8
github
github
added 2017/10/24 6:33 p.m.41 views

Cross-site Scripting in actionpack

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

4.3CVSS5.5AI score0.02504EPSS
Exploits0References11Affected Software1
ubuntucve
ubuntucve
added 2012/03/13 10:55 a.m.46 views

CVE-2012-1099

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

4.3CVSS6AI score0.02504EPSS
Exploits0References2
cvelist
cvelist
added 2012/03/13 10:0 a.m.40 views

CVE-2012-1099

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

5.3AI score0.02504EPSS
Exploits0References8
debiancve
debiancve
added 2012/03/13 10:0 a.m.77 views

CVE-2012-1099

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

4.3CVSS5.5AI score0.02504EPSS
Exploits0
rubygems
rubygems
added 2012/03/01 12:0 a.m.41 views

CVE-2012-1099 rubygem-actionpack: XSS in the "select" helper

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/formoptionshelper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...

4.3CVSS5.3AI score0.02504EPSS
Exploits0References1Affected Software1
nessus
nessus
added 2010/04/13 12:0 a.m.254 views

SuSE 10 Security Update : MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-translations, mozilla-xulrunner191, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-translations, python-xpcom191 (ZYPP Patch Number 6970)

Mozilla Firefox was updated to version 3.5.9 fixing lots of bugs and security issues. The following security issues were fixed : - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed...

10CVSS8.4AI score0.87264EPSS
Exploits19References29
nvd
nvd
added 2010/04/05 5:30 p.m.22 views

CVE-2010-0176

Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 do not properly manage reference counts for option elements in a XUL tree optgroup, which might allow remote attackers to execute arbitrary code via unspecified vectors...

9.3CVSS9.3AI score0.05203EPSS
Exploits0References31
nessus
nessus
added 2010/03/31 12:0 a.m.51 views

SeaMonkey < 2.0.4 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.0.4. Such versions are potentially affected by the following security issues : - Multiple crashes can result in arbitrary code execution. MFSA 2010-16 - A select event handler for XUL tree items can be called after the item is deleted. MFSA...

10CVSS7.1AI score0.87264EPSS
Exploits19References17
Rows per page
Query Builder