56 matches found

OSV
added 2018/09/06 3:22 a.m. | 2 views

GHSA-VJCJ-5G2R-VXQC Pandao editor.md vulnerable to XSS in IMG attributes

Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element...

CVSS 6.1 | AI score 6.3 | EPSS 0.00865
Exploits 1 | References 4

BDU FSTEC
added 2017/11/23 12:0 a.m. | 5 views

The vulnerability of the Apache Struts software platform arises from insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the Apache Struts software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using the sequence of characters “%” within tag attributes double evaluation of parameters as expressions ...

CVSS 9 | AI score 8 | EPSS 0.0802
Exploits 0 | References 3 | Affected Software 1

OSV
added 2017/10/24 6:33 p.m. | 25 views

GHSA-59C7-4XJ2-HGVW rails-html-sanitizer Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

CVSS 6.1 | AI score 6 | EPSS 0.02485
Exploits 0 | References 11

Github Security Blog
added 2017/10/24 6:33 p.m. | 19 views

rails-html-sanitizer Cross-site Scripting vulnerability

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

CVSS 6.1 | AI score 5.7 | EPSS 0.02485
Exploits 0 | References 11 | Affected Software 1

CNVD
added 2017/10/19 12:0 a.m. | 4 views

Apache Struts Remote Code Execution Vulnerability (CNVD-2017-32355)

Apache Struts is an open source project maintained by the Apache Software Foundation in the United States. It is an open source MVC framework for creating enterprise-class Java Web applications, and mainly provides two versions of the framework, Struts 1 and Struts 2...

CVSS 9 | AI score 9 | EPSS 0.0802
Exploits 0 | References 1

OSV
added 2016/09/07 7:28 p.m. | 2 views

DEBIAN-CVE-2016-6316

Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...

CVSS 6.1 | AI score 6.5 | EPSS 0.03438
Exploits 0 | References 1

NVD
added 2016/02/16 2:59 a.m. | 15 views

CVE-2015-7578

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

CVSS 6.1 | AI score 6 | EPSS 0.02485
Exploits 0 | References 9

UbuntuCve
added 2016/02/16 2:59 a.m. | 19 views

CVE-2015-7578

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

CVSS 6.1 | AI score 6.8 | EPSS 0.02485
Exploits 0 | References 2

Prion
added 2016/02/16 2:59 a.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

CVSS 4.3 | AI score 6.1 | EPSS 0.02485
Exploits 0 | References 9 | Affected Software 1

Cvelist
added 2016/02/16 2:0 a.m. | 28 views

CVE-2015-7578

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

AI score 5.5 | EPSS 0.02485
Exploits 0 | References 9

CVE
added 2016/02/16 2:0 a.m. | 89 views

CVE-2015-7578

CVE-2015-7578 is a cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem, prior to version 1.0.3, used with Ruby on Rails 4.2.x and 5.x. The issue allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes due to inadequate sanitization. Exploitat...

CVSS 6.1 | AI score 5.5 | EPSS 0.02485
Exploits 0 | References 9 | Affected Software 1

Debian CVE
added 2016/02/16 2:0 a.m. | 28 views

CVE-2015-7578

Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

CVSS 6.1 | AI score 5.7 | EPSS 0.02485
Exploits 0

myhack58
added 2015/04/23 12:0 a.m. | 18 views

Analysis of the Spring Framework tag EL expression execution vulnerability (CVE-2011-2730) - vulnerability warning - the black bar safety net

0x00 Preface: This vulnerability has been out for a long time. I did a simple analysis of it before but, due to time constraints, made no in-depth study of the principles, and there is also not much analysis of this vulnerability online. Recently, due to work reasons, an in-depth analysis about the vulnerability of the...

AI score 0.2
Exploits 0

RedHat Linux
added 2013/06/18 2:41 p.m. | 7 views

Framework: Information (internal server information, classpath, local working directories, session IDs) disclosure

VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors ta...

CVSS 7.5 | AI score 6.5 | EPSS 0.11779
Exploits 1 | References 4

Prion
added 2007/01/19 1:28 a.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes...

CVSS 6.8 | AI score 6.2 | EPSS 0.01401
Exploits 0 | References 7

NVD
added 2004/12/31 5:0 a.m. | 16 views

CVE-2004-2625

Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag...

CVSS 5.1 | AI score 5.7 | EPSS 0.02589
Exploits 1 | References 8