555 matches found
Python Improper Encoding of Output Vulnerability (Feb 2025) - Linux
Python is prone to an improper encoding of output vulnerability.
Stored Cross-site Scripting (XSS)
leantime/leantime is vulnerable to Stored Cross-site Scripting (XSS). The vulnerability is due to improper input sanitization and output encoding, allowing attackers to inject malicious scripts that get stored and executed when retrieved by users...
Cross-Site Scripting (Reflected XSS)
Leantime is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper input validation and output encoding in the "overdue" section, allowing attackers to upload malicious image files containing XSS payloads...
The vulnerability of the ANSI Escape Sequence Handler component in the distributed Git version control system allows a hacker to disclose protected information.
The vulnerability of the ANSI Escape Sequence Handler component in the distributed Git version control system is related to a lack of mechanisms for encoding or escaping output data. Exploiting this vulnerability allows an attacker to gain access to confidential data...
CVE-2024-56277
Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a...
CVE-2024-56277 WordPress Poll Maker Plugin < 5.5.5 - HTML Injection vulnerability
Improper Encoding or Escaping of Output vulnerability in Ays Pro Poll Maker poll-maker. This issue affects Poll Maker: from n/a through 5.5.5...
PT-2025-3240 · Unknown · Poll Maker
Name of the Vulnerable Software and Affected Versions: Poll Maker (affected versions not specified). Description: The issue is related to improper encoding or escaping of output in Poll Maker Team Poll Maker. This can potentially lead to security issues, but specific details about exploitation, such...
Cross-site Scripting (XSS)
Overview: org.jboss.hal:hal-core is a Core HAL API. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper neutralization of user-controllable input before it is placed in output that is served as a web page. An attacker can execute arbitrary script in the...
BIT-GITLAB-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...
CVE-2024-8179
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...
UBUNTU-CVE-2024-8179
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...
CVE-2024-8179 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled...
CVE-2024-8179
CVE-2024-8179 affects GitLab CE/EE, specifically versions 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. The issue is caused by improper output encoding that can lead to cross-site scripting (XSS) if CSP is not enabled. The vulnerability is scoped to the web page generation path ...
CVE-2024-8179
Removed by vendor...
GitLab Cross-Site Scripting Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A cross-site scripting vulnerability exists in GitLab, which stems from...
LimeSurvey < 6.5.0 XSS Vulnerability
LimeSurvey is prone to a cross-site scripting (XSS) vulnerability.
CVE-2024-8180 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enabled...
GitLab 17.3 < 17.3.7 / 17.4 < 17.4.4 / 17.5 < 17.5.2 (CVE-2024-8180)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. Improper output encoding could lead to XSS if CSP is not enable...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Cross-Site Scripting Vulnerability
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition (EE) and GitLab...
PT-2024-8696 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.3 through 17.3.6; GitLab CE/EE versions 17.4 through 17.4.3; GitLab CE/EE versions 17.5 through 17.5.1. Description: An issue has been discovered in GitLab CE/EE where improper output encoding could lead to XSS if CSP is...