Lucene search
+L

111 matches found

CNNVD
CNNVD
added 2023/06/30 12:0 a.m.5 views

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.39.3 and earlier versions, which stems from a...

6.1CVSS5.7AI score0.00689EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/06/30 12:0 a.m.15 views

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6AI score0.00689EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2023/06/30 12:0 a.m.17 views

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS6.3AI score0.00689EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/06/30 12:0 a.m.42 views

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6AI score0.00689EPSS
Exploits1References3
OSV
OSV
added 2023/06/30 12:0 a.m.19 views

CVE-2023-37302

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...

6.1CVSS5.8AI score0.00689EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/06/23 12:0 a.m.3 views

Jenkins 跨站脚本漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...

5.4CVSS5.9AI score0.01361EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.4 views

PT-2022-22038 · Jenkins · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.321 through 2.355 Jenkins LTS versions 2.332.1 through 2.332.3 Description: The HTML output generated for new symbol-based SVG icons in Jenkins includes the title attribute of l:ionicon until Jenkins 2.334 and alt attribute...

8CVSS5.5AI score0.01361EPSS
Exploits0References11
OSV
OSV
added 2022/02/18 11:15 p.m.4 views

DEBIAN-CVE-2017-0371

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attrtitle url;" attack within a DIV element that has an attacker-controlled URL in the title attribute...

7.5CVSS7.4AI score0.01568EPSS
Exploits1References1
OSV
OSV
added 2022/02/18 11:15 p.m.26 views

UBUNTU-CVE-2017-0371

MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attrtitle url;" attack within a DIV element that has an attacker-controlled URL in the title attribute...

7.5CVSS7.1AI score0.01568EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/02/18 12:0 a.m.6 views

MediaWiki 安全漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that allows remote attackers to attack via...

7.5CVSS8AI score0.01568EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/01/29 12:0 a.m.7 views

Hitachi Vantara Pentaho 跨站脚本漏洞

Pentaho is a Business Intelligence BI software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load ETL capabilities. A reflected cross-site scripting vulnerability exists in the 'pho:title' attribute of the 'dashboardXml'...

5.4CVSS6.2AI score0.0062EPSS
Exploits0References3
OSV
OSV
added 2019/06/13 6:59 p.m.2 views

GHSA-HPFQ-8WX8-CGQW Cross-Site Scripting in ids-enterprise

Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting XSS. The modal component fails to sanitize input to the title attribute, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 4.18.2 or later...

6.1AI score
Exploits0References3
Prion
Prion
added 2018/06/26 4:29 p.m.14 views

Cross site scripting

qutebrowser version introduced in v0.11.0 1179ee7a937fb31414d77d9970bac21095358449 contains a Cross Site Scripting XSS vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be...

4.3CVSS5.9AI score0.01483EPSS
Exploits1References3Affected Software1
WPVulnDB
WPVulnDB
added 2018/02/14 12:0 a.m.20 views

NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)

XSS in error message caused by alt and title image attributes...

3.5CVSS1.4AI score0.00584EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/11/16 12:0 a.m.7 views

Unspecified vulnerability in MediaWiki (CNVD-2017-35258)

MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.27.4, 1.28.x...

5.3CVSS6.9AI score0.01573EPSS
Exploits0References1
OSV
OSV
added 2017/10/24 6:33 p.m.74 views

GHSA-QQXP-XP9V-VVX6 jquery-ui Tooltip widget vulnerable to XSS

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS5.9AI score0.06463EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.106 views

jquery-ui Tooltip widget vulnerable to XSS

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS5.7AI score0.06463EPSS
Exploits0References13Affected Software4
RubySec
RubySec
added 2017/10/24 12:0 a.m.27 views

Moderate severity vulnerability that affects jquery-ui

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS6.1AI score0.06463EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2015/07/21 10:14 a.m.7 views

jquery-ui: XSS vulnerability in default content in Tooltip widget

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS5.9AI score0.06463EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/03/05 9:50 a.m.5 views

jquery-ui: XSS vulnerability in default content in Tooltip widget

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

4.3CVSS5.9AI score0.06463EPSS
Exploits0References4
Rows per page
Query Builder