3 matches found
knockout: Cross-site Scripting (XSS) attacks due to not escaping the name attribute.
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...
DotCMS Directory Traversal Vulnerability
DotCMS is a content management system CMS from the American company DotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A directory traversal vulnerability exists in the com.dotmarketing.servlets.taillog.TailLogServlet.class file i...
DotCMS Cross-Site Scripting Vulnerability
DotCMS is a content management system CMS from the American company DotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A cross-site scripting vulnerability exists in DotCMS 3.5 Beta. An attacker can exploit this vulnerability to...