559 matches found
Cross-Site Scripting in mermaid
Versions of mermaid prior to 8.2.3 are vulnerable to Cross-Site Scripting. If malicious input such as A"" is provided to the application, it will execute the code instead of rendering it as text due to improper output encoding. Recommendation: Upgrade to version 8.2.3 or later...
The vulnerability of the security mechanism for executing macros in the LibreOffice office software package allows an attacker to gain unauthorized access to confidential data, cause service failures, or compromise data integrity.
The vulnerability of the security mechanism for executing macros in the LibreOffice office software package is related to the lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...
CVE-2020-14055
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding...
Cross site scripting
Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding...
Exploit for Improper Encoding or Escaping of Output in F5 Nginx
It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly stated, but the repository contains various vulnerable environments and exploits for different vulnerabilities, including CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547,...
CVE-2019-20389
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...
Cross site scripting
An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the vlanguageswitch parameter within multipart/form-data, which is reflected back within a user's browser without proper output encoding...
Subrion CMS 4.2.1 Cross Site Scripting
Title: Subrion CMS 4.2.1 Cross-Site Scripting XSS Date: 02-12-2019 Author: Christian Bortone Contact: [email protected] Vendor Homepage: https://subrion.org/ Vulnerable Product: Subrion CMS 4.2.1 CVE : CVE-2019-20389 1. Description: A cross-site scripting vulnerability was identified in...
The vulnerability of the software component responsible for implementing the MediaWiki hypertext environment lies in the lack of mechanisms for encoding or escaping output data. This allows attackers to compromise the integrity of the data.
The vulnerability of the software component responsible for implementing the MediaWiki hypertext environment is related to the lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the data...
CVE-2019-12442
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...
Cross site scripting
An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics...
CVE-2019-12442
CVE-2019-12442 affects GitLab Enterprise Edition 11.7–11.11. The issue is a persistent cross-site scripting (XSS) vulnerability on child epics caused by lack of input validation and insufficient output encoding on the epic details page. This is detailed across multiple sources (GitLab advisories,...
CVE-2019-12442
Removed by vendor...
Remote Code Execution Vulnerability in Application Inspector
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external...
Cross site scripting
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves...
CVE-2019-15602
The CVE-2019-15602 entry concerns the fileview package v0.1.6, which contains inadequate output encoding/escaping that leads to a stored XSS vulnerability in served files. Multiple connected records corroborate this: all versions of fileview are vulnerable to XSS via unsanitized filenames, allowi...