Lucene search
K

63 matches found

NVD
NVD
added 2022/10/07 9:15 p.m.20 views

CVE-2022-41574

An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal...

7.5CVSS0.00628EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/11/17 12:0 a.m.3 views

Oci Distribution-Spec 代码问题漏洞

Oci Distribution-Spec is an Oci distribution specification. A code issue vulnerability exists in Oci Distribution-Spec that stems from the product's use of the Content-Type header to determine the document type, among other actions. An attacker could use this vulnerability to cause text content t...

5CVSS7.2AI score0.02085EPSS
Exploits0References32
Github Security Blog
Github Security Blog
added 2021/08/19 3:53 p.m.50 views

Cross-Site Scripting via Rich-Text Content

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

6.1CVSS1.1AI score0.00727EPSS
Exploits0References7Affected Software2
OSV
OSV
added 2021/08/19 3:53 p.m.26 views

GHSA-C5C9-8C6M-727V Cross-Site Scripting via Rich-Text Content

Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...

6.1CVSS5.9AI score0.00727EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2021/08/11 12:0 a.m.17 views

TYPO3 XSS Vulnerability (TYPO3-CORE-SA-2021-013)

TYPO3 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if...

6.1CVSS6AI score0.00727EPSS
Exploits0References1
OSV
OSV
added 2021/08/10 5:15 p.m.25 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

6.1CVSS6.5AI score
Exploits0References2
UbuntuCve
UbuntuCve
added 2021/08/10 5:15 p.m.38 views

CVE-2021-32768

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

6.1CVSS5.8AI score0.00727EPSS
Exploits0References3
Prion
Prion
added 2021/08/10 5:15 p.m.20 views

Cross site scripting

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

4.3CVSS6.1AI score0.00727EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/08/10 4:30 p.m.44 views

CVE-2021-32768 Cross-Site Scripting via Rich-Text Content

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...

6.1CVSS6.4AI score0.00727EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2021/08/10 7:50 a.m.41 views

TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-013...

6.1CVSS7.2AI score0.00727EPSS
Exploits0Affected Software1
Typo3
Typo3
added 2021/08/10 12:0 a.m.40 views

Cross-Site Scripting via Rich-Text Content

Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag ...

4.3CVSS2.3AI score0.00727EPSS
Exploits0Affected Software1
Prion
Prion
added 2020/10/26 7:15 p.m.17 views

Cross site scripting

In Wiki.js before version 2.5.162, an XSS payload can be injected in a page title and executed via the search results. While the title is properly escaped in both the navigation links and the actual page title, it is not the case in the search results. Commit...

3.5CVSS5.3AI score0.00755EPSS
Exploits0References3Affected Software1
Pen Test Partners Blog
Pen Test Partners Blog
added 2019/12/03 1:20 p.m.166 views

Commands and Tools for Embedded Reverse Engineering

We’ve been training a lot of people to look at embedded systems. The training is intensive, and it can be hard to remember all the commands and tools used. This is just a quick rundown of those tools with enough information to jog your memory! Basic Commands If we want to see the content of a fil...

7.3AI score
Exploits0
Mageia
Mageia
added 2019/11/14 4:58 p.m.39 views

Updated fribidi packages fix security vulnerability

Updated fribidi packages fix security vulnerability: A stack buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi 1.0.0 through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text conten...

7.8CVSS4.7AI score0.02182EPSS
Exploits0References2
Prion
Prion
added 2019/11/13 2:15 p.m.20 views

Buffer overflow

A buffer overflow in the fribidigetparembeddinglevelsex function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application...

6.8CVSS8.1AI score0.02182EPSS
Exploits0References10Affected Software2
OSV
OSV
added 2018/10/03 8:29 a.m.14 views

CVE-2018-17938

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value...

5.3CVSS6.8AI score0.00601EPSS
Exploits0References2
Prion
Prion
added 2018/10/03 8:29 a.m.17 views

Authentication flaw

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value...

5CVSS5.3AI score0.00601EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/10/03 8:29 a.m.16 views

CVE-2018-17938

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value...

5.3CVSS5.3AI score0.00601EPSS
Exploits0References2
CVE
CVE
added 2018/10/03 8:0 a.m.67 views

CVE-2018-17938

CVE-2018-17938 affects Zimbra Collaboration Server prior to 8.8.10 GA, where a loginErrorCode value can cause text content spoofing. The vulnerability is tied to the login error handling logic, enabling spoofed content in responses. The affected component is Zimbra Collaboration (server) before t...

5.3CVSS5.2AI score0.00601EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/10/03 8:0 a.m.18 views

CVE-2018-17938

Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value...

5.3AI score0.00601EPSS
Exploits0References2
Rows per page
Query Builder