Lucene search
+L

90 matches found

osv
osv
added 2023/04/11 3:41 p.m.18 views

GHSA-X2XW-HW8G-6773 govuk_tech_docs vulnerable to unescaped HTML on search results page

Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...

6.1CVSS6AI score0.005EPSS
Exploits0References7
rubygems
rubygems
added 2023/04/11 12:0 a.m.19 views

govuk_tech_docs vulnerable to unescaped HTML on search results page

Impact Pages that are indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, so it was possible to render arbitrary HTML or run arbitrary scripts. This is a low risk security issue; to...

6.1CVSS6.2AI score0.005EPSS
Exploits0References1Affected Software1
nvd
nvd
added 2023/01/16 11:15 a.m.25 views

CVE-2022-43720

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...

5.4CVSS5.4AI score0.01243EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/01/16 12:0 a.m.4 views

PT-2023-14306

Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast messag...

5.4CVSS6.2AI score0.01243EPSS
Exploits0References11
osv
osv
added 2022/02/01 1:15 p.m.4 views

CVE-2021-24814

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

9.6CVSS5.8AI score0.02085EPSS
Exploits2References1
osv
osv
added 2022/01/13 12:1 a.m.1 views

GHSA-VQWG-4V6F-H6X5 Stored XSS vulnerability in Matrix Project Plugin

Jenkins Matrix Project Plugin prior to 1.20 and 1.18.1 does not escape HTML metacharacters in node and label names, and label descriptions. This results in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure permission. Matrix Project Plugin 1.20 and 1.18...

5.4CVSS7.2AI score0.81842EPSS
Exploits0References7
osv
osv
added 2021/11/09 3:15 p.m.4 views

CVE-2021-43197

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS...

6.1CVSS6.4AI score0.00562EPSS
Exploits0References1
attackerkb
attackerkb
added 2021/11/09 3:15 p.m.2 views

CVE-2021-43197

In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS...

6.1CVSS6.4AI score0.00562EPSS
Exploits0References2
cnnvd
cnnvd
added 2021/11/08 12:0 a.m.5 views

Jetbrains JetBrains TeamCity 跨站脚本漏洞

TeamCity is a Java-based build management and continuous integration server from JetBrains. A cross-site scripting vulnerability exists in versions of JetBrains TeamCity prior to 2021.1.2. The vulnerability stems from an email notification that may contain unescaped HTML, which can be exploited b...

6.1CVSS5.2AI score0.00562EPSS
Exploits0References3
wpvulndb
wpvulndb
added 2021/09/13 12:0 a.m.15 views

Avada < 7.4.2 - Stored Cross-Site Scripting

Description The Avada Forms component allowed unescaped HTML form entries to be loaded on the backend...

6.9AI score
Exploits0References1
cnvd
cnvd
added 2021/04/21 12:0 a.m.9 views

MediaWiki cross-site scripting vulnerability (CNVD-2021-30706)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki versions prior to 1.31.12 and versions prior to...

6.1CVSS5.7AI score0.01307EPSS
Exploits1References1
cnvd
cnvd
added 2021/04/21 12:0 a.m.12 views

MediaWiki cross-site scripting vulnerability (CNVD-2021-38677)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki versions prior to 1.31.12 and versions prior to...

6.1CVSS5.7AI score0.01406EPSS
Exploits1References1
veracode
veracode
added 2020/04/10 12:23 a.m.22 views

Cross-site Scripting (XSS)

setroubleshoot is vulnerable to cross-site scripting XSS. The vulnerability exists as a flaw was found in the way sealert displayed records from the setroubleshoot database as unescaped HTML. An local unprivileged attacker could cause AVC denial events with carefully crafted process or file names...

1.9CVSS0.5AI score0.00385EPSS
Exploits0References9Affected Software1
nessus
nessus
added 2020/03/09 12:0 a.m.21 views

FreeBSD : Gitlab -- Multiple Vulnerabilities (62f2182c-5f7a-11ea-abb7-001b217b3468)

Gitlab reports : Directory Traversal to Arbitrary File Read Account Takeover Through Expired Link Server Side Request Forgery Through Deprecated Service Group Two-Factor Authentication Requirement Bypass Stored XSS in Merge Request Pages Stored XSS in Merge Request Submission Form Stored XSS in...

9.8CVSS8.3AI score0.01383EPSS
Exploits0References3
freebsd
freebsd
added 2020/03/04 12:0 a.m.26 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Directory Traversal to Arbitrary File Read Account Takeover Through Expired Link Server Side Request Forgery Through Deprecated Service Group Two-Factor Authentication Requirement Bypass Stored XSS in Merge Request Pages Stored XSS in Merge Request Submission Form Stored XSS in Fi...

9.8CVSS1.5AI score0.01383EPSS
Exploits0References1
nvd
nvd
added 2019/08/27 6:15 p.m.18 views

CVE-2019-15700

public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text...

6.1CVSS6.3AI score0.00875EPSS
Exploits1References1
cnvd
cnvd
added 2018/06/27 12:0 a.m.5 views

Joomla! cross-site scripting vulnerability (CNVD-2018-17882)

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. A reflective cross-site scripting vulnerability exists in the language switching...

6.1CVSS6.8AI score0.01413EPSS
Exploits0References1
cvelist
cvelist
added 2018/06/26 7:0 p.m.24 views

CVE-2018-12711

An XSS issue was discovered in the language switcher module in Joomla! 1.6.0 through 3.8.8 before 3.8.9. In some cases, the link of the current language might contain unescaped HTML special characters. This may lead to reflective XSS via injection of arbitrary parameters and/or values on the...

6.2AI score0.01413EPSS
Exploits0References3
phpmyadmin
phpmyadmin
added 2014/07/17 12:0 a.m.71 views

Self-XSS due to unescaped HTML output in database structure page.

PMASA-2014-4 Announcement-ID: PMASA-2014-4 Date: 2014-07-17 Summary Self-XSS due to unescaped HTML output in database structure page. Description With a crafted table comment, it is possible to trigger an XSS in database structure page. Severity We consider this vulnerability to be non critical...

3.5CVSS7.2AI score0.0145EPSS
Exploits0Affected Software1
phpmyadmin
phpmyadmin
added 2014/06/20 12:0 a.m.44 views

Self-XSS due to unescaped HTML output in navigation items hiding feature.

PMASA-2014-3 Announcement-ID: PMASA-2014-3 Date: 2014-06-20 Summary Self-XSS due to unescaped HTML output in navigation items hiding feature. Description When hiding or unhiding a crafted table name in the navigation, it is possible to trigger an XSS. Severity We consider this vulnerability to be...

3.5CVSS7.2AI score0.0213EPSS
Exploits1Affected Software1
Rows per page
Query Builder