72 matches found
Cross-site Scripting (XSS)
baserCMS is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper input validation in the blog post feature, allowing user-generated content to include malicious scripts...
Cross Site Scripting(XSS)
MindsDB is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the lack of proper sanitization or validation of user-generated content within the MindsDB platform. It allows an attacker to execute arbitrary JavaScript code in a user's browser by injecting it into the web UI throug...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting XSS. The vulnerability is caused due to a lack of proper input sanitization and encoding of user-generated content in the form module. Exploiting this flaw enables attackers to inject and execute malicious scripts...
CVE-2024-23189
Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering...
CVE-2024-23189
Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering...
CVE-2024-23189
CVE-2024-23189 concerns Open-Xchange App Suite. A vulnerability arises from embedded content references in tasks that can temporarily execute script code in a user’s browser session. Exploitation would require user interaction or social engineering to import external content, and could enable mal...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2024-23905
Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Cross Site Scripting (XSS)
nautobot is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper usage of Django's marksafe API during the rendering of user-generated content, including personalized links, job buttons, and computed fields. This introduces a vulnerability that allows users with the abilit...
Acceptance of Extraneous Untrusted Data With Trusted Data
Overview johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data through the processing of shortcodes in user-generated content. An attacker can manipulate...
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Impact A payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If t...
Two Supreme Court cases could change the Internet as we know it
The Supreme Court is about to reconsider Section 230, a law thats been the foundation of the way we have used the Internet for decades. The court will be handling a few cases that at first glance are about online platforms' liability for hosting accounts from foreign terrorists. But at a deeper...
CVE-2022-43432
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43433
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
Design/Logic Flaw
Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...
CVE-2022-43432
Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download...