Cross site scripting
Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...
CVE-2023-46967
Cross Site Scripting vulnerability in the sanitize function in Enhancesoft osTicket 1.18.0 allows a remote attacker to escalate privileges via a crafted support ticket...
PT-2024-13397 · Enhancesoft · Osticket
Name of the Vulnerable Software and Affected Versions: Enhancesoft osTicket version 1.18.0 Description: The issue is related to a Cross Site Scripting vulnerability in the sanitize function, allowing a remote attacker to escalate privileges via a crafted support ticket. This vulnerability is also...
CVE-2023-31441
In NATO Communications and Information Agency anet aka Advisor Network through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modifi...
RedCloth security vulnerability
RedCloth is a Ruby library by the individual developer Jason Garber. It is used to convert Textile to HTML. A security vulnerability exists in RedCloth v4.0.0, which stems from a Regular Expression Denial of Service (ReDoS) issue found in the sanitize_html function, which can be exploited by an attack...
PT-2023-5396 · Redcloth +4
Name of the Vulnerable Software and Affected Versions: RedCloth gem version 4.0.0 Description: A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function. This issue allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. The...
SUSE CVE-2007-2245
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function...
Path Traversal
github.com/whyrusleeping/tar-utils is vulnerable to Path Traversal. The vulnerability exists because the elems parameter in the Sanitize function of extractor.go does not properly sanitize the relative file paths, allowing an attacker to write arbitrary files outside the expected directory...
GHSA-MVMF-CVFX-QG55 Regular Expression Denial of Service in bleach
All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation: The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this issue, it is...
Regular Expression Denial of Service in bleach
All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation: The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this issue, it is...
NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44584)
NeDi Consulting NeDi is a suite of open source software from the Swiss company NeDi Consulting that supports the discovery and mapping of network devices. A cross-site scripting vulnerability exists in the 'sanitize' function of the inc/libmisc.php file in NeDi version 1.9C. The...
Cross site scripting
The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<script>payload</script>", or in an image tag, with the payload as the onerror event...
Internal Property Tampering
Overview: schema-inspector is a JSON API sanitisation and validation module. Affected versions of this package are vulnerable to Internal Property Tampering. A maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector. Remediation: Upgrade...
Cross-site Scripting (XSS)
express-validator is vulnerable to cross-site scripting (XSS). The vulnerability exists because it was possible to bypass the sanitize function, as the toString function does not sanitize arrays...
Cross site scripting
The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) attack via a crafted string...
CVE-2014-9261
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php...
CVE-2014-9261
Codoforum 2.5.1 is affected by CVE-2014-9261, enabling arbitrary file download via directory traversal through the path parameter to index.php. The root cause is a sanitize() implementation that calls str_replace(".."/"%2e%2e"), but does not assign the result back to the variable, so the traversa...
CodoForum 2.5.1 - Arbitrary File Download
CodoForum 2.5.1 - Arbitrary File Download. Exploit Title: Codoforum 2.5.1 Arbitrary File Download; Date: 23-11-2014; Software Link: https://codoforum.com/; Exploit Author: Kacper Szurek; Contact: http://twitter.com/KacperSzurek; Website: http://security.szurek.pl/; Category: webapps; CVE: CVE-2014-9261 1...
DEBIAN-CVE-2007-2245
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function...