Lucene search
K

39 matches found

Github Security Blog
Github Security Blog
added 2026/03/09 7:48 p.m.9 views

FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

Summary Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. Details T...

8.9CVSS6AI score0.00347EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/26 10:59 p.m.8 views

CVE-2026-28279

osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the osctrl-admin environment configuration. An authenticated administrator can inject arbitrary shell commands via the hostname parameter when creating or editing environments. These...

8.4CVSS8AI score0.009EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-11220

Malware in sbrugna...

9.8CVSS9.5AI score0.04587EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2024/12/03 6:43 p.m.24 views

Vitess allows HTML injection in /debug/querylogz & /debug/env

Summary The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. Details These pages are rendered using text/template instead of rendering with a proper HTML...

4.9CVSS6.5AI score0.00428EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/12/03 6:43 p.m.19 views

GHSA-7MWH-Q3XM-QH6P Vitess allows HTML injection in /debug/querylogz & /debug/env

Summary The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. Details These pages are rendered using text/template instead of rendering with a proper HTML...

6.9CVSS4.8AI score0.00428EPSS
Exploits0References4
Fedora
Fedora
added 2022/07/17 1:15 a.m.41 views

[SECURITY] Fedora 35 Update: golang-github-nicksnyder-i18n-2-2.1.2-5.fc35

go-i18n is a Go package and a command that helps you translate Go programs in to multiple languages. - Supports pluralized strings for all 200+ languages in the Unicode Common Locale Data Repository CLDR. - Code and tests are automatically generated from CLDR data. - Supports strings with named...

9.3CVSS8.2AI score0.05994EPSS
Exploits4
Rockylinux
Rockylinux
added 2022/05/17 7:20 a.m.16 views

new packages: perl-Text-Template

An update is available for perl-Text-Template. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

2.2AI score
Exploits0
Rockylinux
Rockylinux
added 2020/11/03 12:31 p.m.16 views

new module: perl:5.30

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-Object-HashBase, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glo...

1.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2018/11/26 2:29 a.m.0 views

CVE-2018-19531

HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...

9.8CVSS5.7AI score0.04587EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2018/11/26 2:29 a.m.1 views

CVE-2018-19530

HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...

9.8CVSS5.7AI score0.04587EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/11/26 2:0 a.m.22 views

CVE-2018-19530

HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses XStream unsafely when configured with an xml.codec=httl.spi.codecs.XstreamCodec setting...

9.7AI score0.04587EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/11/26 2:0 a.m.25 views

CVE-2018-19531

HTTL aka Hyper-Text Template Language through 1.0.11 allows remote command execution because the decodeXml function uses java.beans.XMLEncoder unsafely when configured without an xml.codec= setting...

9.7AI score0.04587EPSS
Exploits1References1
CVE
CVE
added 2018/11/26 2:0 a.m.49 views

CVE-2018-19531

HTTL (Hyper-Text Template Language) 1.0.11 and earlier is vulnerable to remote command execution due to unsafe use of java.beans.XMLEncoder in decodeXml when xml.codec is not configured. This is documented across multiple sources (NVD entry CVE-2018-19531, Veracode note, and OSV/CVE references). ...

9.8CVSS9.6AI score0.04587EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/11/26 2:0 a.m.47 views

CVE-2018-19530

HTTL (Hyper-Text Template Language)

9.8CVSS9.6AI score0.04587EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2018/11/26 12:0 a.m.6 views

HTTL Remote Command Execution Vulnerability

HTTL also known as Hyper-Text Template Language is an open source Java template engine , it is mainly used for dynamic HTML page output . HTTL 1.0.11 and earlier versions of a security vulnerability , the vulnerability stems from the failure to configure the xml.codec , the program defaults to us...

9.8CVSS9.5AI score0.04587EPSS
Exploits1References1
CNVD
CNVD
added 2018/11/26 12:0 a.m.4 views

HTTL Remote Command Execution Vulnerability (CNVD-2019-05940)

HTTL also known as Hyper-Text Template Language is an open source Java template engine , it is mainly used for dynamic HTML page output . HTTL 1.0.11 and earlier versions of the 'decodeXml' function has a security vulnerability that stems from the fact that when configured with...

9.8CVSS9.4AI score0.04587EPSS
Exploits1References1
OSV
OSV
added 2005/05/02 4:0 a.m.2 views

DEBIAN-CVE-2005-0870

Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...

4.3CVSS6AI score0.03716EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2005/05/02 4:0 a.m.33 views

CVE-2005-0870

Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...

4.3CVSS6AI score0.03716EPSS
Exploits1References1
Cvelist
Cvelist
added 2005/03/26 5:0 a.m.28 views

CVE-2005-0870

Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...

5.5AI score0.03716EPSS
Exploits1References14
Rows per page
Query Builder