Lucene search
+L

46 matches found

Veracode
Veracode
added 2018/11/16 6:2 a.m.18 views

Code Injection

valine is vulnerable to code injection. The vulnerability is possible because the EMBED tags are not validated to enforce same-origin policy, allowing the attacker to inject HTML combined with a .pdf file...

6.1CVSS6.5AI score0.01228EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/11/15 6:29 a.m.19 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.1CVSS6.3AI score0.01228EPSS
Exploits1References1
Prion
Prion
added 2018/11/15 6:29 a.m.18 views

Design/Logic Flaw

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

4.3CVSS6.2AI score0.01228EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2018/11/15 6:29 a.m.15 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.1CVSS6.3AI score
Exploits0References1
CVE
CVE
added 2018/11/15 6:0 a.m.58 views

CVE-2018-19289

Valine v1.3.3 is affected by CVE-2018-19289: HTML injection can be triggered via an EMBED element in conjunction with a .pdf file, enabling JavaScript execution. Connected sources (GHSA/OSV) corroborate HTML injection in Valine and mention the embed policy bypass. No remediation/version patch det...

6.1CVSS6.2AI score0.01228EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/11/15 6:0 a.m.25 views

CVE-2018-19289

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file...

6.2AI score0.01228EPSS
Exploits1References1
Rows per page
Query Builder