111 matches found
MediaWiki 跨站脚本漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki 1.39.3 and earlier versions, which stems from a...
CVE-2023-37302
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...
CVE-2023-37302
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...
CVE-2023-37302
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...
CVE-2023-37302
An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate from resources/wikibase/templates.js for quotes which can be in a title attribute...
Jenkins 跨站脚本漏洞
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.Jenkins suffers from a cross-site scripting vulnerability that stems from the title attribute and alt attribute not being...
PT-2022-22038 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.321 through 2.355 Jenkins LTS versions 2.332.1 through 2.332.3 Description: The HTML output generated for new symbol-based SVG icons in Jenkins includes the title attribute of l:ionicon until Jenkins 2.334 and alt attribute...
DEBIAN-CVE-2017-0371
MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attrtitle url;" attack within a DIV element that has an attacker-controlled URL in the title attribute...
UBUNTU-CVE-2017-0371
MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attrtitle url;" attack within a DIV element that has an attacker-controlled URL in the title attribute...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki that allows remote attackers to attack via...
Hitachi Vantara Pentaho 跨站脚本漏洞
Pentaho is a Business Intelligence BI software that provides data integration, OLAP services, reporting, information dashboards, data mining, and Extract, Transform, Load ETL capabilities. A reflected cross-site scripting vulnerability exists in the 'pho:title' attribute of the 'dashboardXml'...
GHSA-HPFQ-8WX8-CGQW Cross-Site Scripting in ids-enterprise
Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting XSS. The modal component fails to sanitize input to the title attribute, which may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 4.18.2 or later...
Cross site scripting
qutebrowser version introduced in v0.11.0 1179ee7a937fb31414d77d9970bac21095358449 contains a Cross Site Scripting XSS vulnerability in history command, qute://history page that can result in Via injected JavaScript code, a website can steal the user's browsing history. This attack appear to be...
NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
XSS in error message caused by alt and title image attributes...
Unspecified vulnerability in MediaWiki (CNVD-2017-35258)
MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in MediaWiki versions prior to 1.27.4, 1.28.x...
GHSA-QQXP-XP9V-VVX6 jquery-ui Tooltip widget vulnerable to XSS
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
jquery-ui Tooltip widget vulnerable to XSS
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
Moderate severity vulnerability that affects jquery-ui
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
jquery-ui: XSS vulnerability in default content in Tooltip widget
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
jquery-ui: XSS vulnerability in default content in Tooltip widget
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...