56 matches found
GHSA-VJCJ-5G2R-VXQC Pandao editor.md vulnerable to XSS in IMG attributes
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element...
The vulnerability of the Apache Struts software platform arises from insufficient validation of input data, allowing attackers to execute arbitrary code.
The vulnerability of the Apache Struts software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the sequence of characters “%” within tag attributes double evaluation of parameters as expressions ...
GHSA-59C7-4XJ2-HGVW rails-html-sanitizer Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...
rails-html-sanitizer Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...
Apache Struts Remote Code Execution Vulnerability (CNVD-2017-32355)
Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...
DEBIAN-CVE-2016-6316
Cross-site scripting XSS vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...
CVE-2015-7578
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...
CVE-2015-7578
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...
Cross site scripting
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...
CVE-2015-7578
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...
CVE-2015-7578
CVE-2015-7578 is a cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem, prior to version 1.0.3, used with Ruby on Rails 4.2.x and 5.x. The issue allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes due to inadequate sanitization. Exploitat...
CVE-2015-7578
Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...
The Spring Framework tags EL expressions to perform vulnerability analysis CVE-2 0 1 1-2 7 3 0-a vulnerability warning-the black bar safety net
0x00 Preface This vulnerability has been out for a long time, the previous simple analysis, but due to time constraints, no in-depth study of principles, the online on this vulnerability analysis is also not too much recently due to work reasons, in-depth analysis about the vulnerability of the...
Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language EL, evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a 1 name attribute in a a spring:hasBindErrors ta...
Cross site scripting
Cross-site scripting XSS vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes...
CVE-2004-2625
Cross-site scripting XSS vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag...