Lucene search
K

114 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2024/05/07 12:0 a.m.18 views

Trix Editor Arbitrary Code Execution Vulnerability

The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts...

5.4CVSS7.8AI score0.00784EPSS
Exploits0References16Affected Software1
OSV
OSV
added 2023/06/06 2:13 p.m.30 views

GHSA-5CR9-5JX3-2G39 avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields

Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...

7.3CVSS6.3AI score0.00563EPSS
Exploits1References6
RubySec
RubySec
added 2023/06/06 12:0 a.m.41 views

avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields

Summary Some avo fields are vulnerable to XSS when rendering html based content. Details During the analysis of the web application, a rendered field was discovered that did not filter JS / HTML tags in a safe way and can be abused to execute js code on a client side. The trix field uses the trix...

7.3CVSS6.4AI score0.00563EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/05 12:0 a.m.13 views

PT-2023-24674 · Avo · Avo

Name of the Vulnerable Software and Affected Versions: Avo affected versions not specified Description: The issue concerns some Avo fields being vulnerable to Cross Site Scripting XSS when rendering HTML-based content. Attackers need form edit privilege to exploit this vulnerability, but the...

7.3CVSS6AI score0.00563EPSS
Exploits1References10
Hacker One
Hacker One
added 2022/04/07 2:23 p.m.32 views

GitLab: Content injection in Jira issue title enabling sending arbitrary POST request as victim

Summary The issue described here leads to the same outcome as my previous report, https://hackerone.com/reports/1409788 . So look into that one for further details on the JavaScript gadgets. Also see my report https://hackerone.com/reports/1481207 for a detailed rundown of injections in GitLab...

3.5CVSS0.1AI score0.06334EPSS
Exploits0
Veracode
Veracode
added 2019/12/02 8:23 p.m.8 views

Cross-site Scripting (XSS)

trix is vulnerable to cross site scripting XSS attacks. The Trix editor allows the execution of Javsascript when the content that is copy and pasted from the clipboard into the editor contains HTML...

1AI score
Exploits0
Veracode
Veracode
added 2018/08/21 7:53 a.m.16 views

XML External Entity (XXE)

rdf4j-rio-trix is vulnerable to XML external entities XXE attacks. The library does not disable entities and document type declarations, allowing a malicious user to conduct an XXE injection attack...

10CVSS9.4AI score0.02034EPSS
Exploits0References3Affected Software2
hackapp
hackapp
added 2016/04/01 9:50 a.m.15 views

Trix Complex - BSD license, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Trix Complex published at the 'play' market has multiple vulnerabilities...

0.9AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:50 a.m.14 views

Trix 2006 - Dynamic Code Loading, External URLs, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Trix 2006 published at the 'play' market has multiple vulnerabilities...

0.2AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:50 a.m.6 views

Trix - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Trix published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:50 a.m.108 views

Jawaker Trix & Tarneeb - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Jawaker Trix & Tarneeb published at the 'play' market has multiple vulnerabilities...

0.6AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:49 a.m.6 views

Trix 3ala Rasi - BSD license, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Trix 3ala Rasi published at the 'play' market has multiple vulnerabilities...

0.8AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:49 a.m.7 views

Trix - BSD license, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Trix published at the 'play' market has multiple vulnerabilities...

0.7AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/04/01 9:49 a.m.13 views

Trix - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Trix published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder