46 matches found
Code Injection
valine is vulnerable to code injection. The vulnerability is possible because the EMBED tags are not validated to enforce same-origin policy, allowing the attacker to inject HTML combined with a .pdf file...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
Design/Logic Flaw
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...
CVE-2018-19289
Valine v1.3.3 is affected by CVE-2018-19289: HTML injection can be triggered via an EMBED element in conjunction with a .pdf file, enabling JavaScript execution. Connected sources (GHSA/OSV) corroborate HTML injection in Valine and mention the embed policy bypass. No remediation/version patch det...
CVE-2018-19289
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...