52 matches found
Tencent WeChat Security Vulnerability
Tencent WeChat 微信 is an online social networking application from the Chinese company Tencent. The program supports sending voice messages, videos, pictures, and text, among other things. An unspecified vulnerability exists in Tencent WeChat. An attacker can exploit the vulnerability to elevate...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') via the call and outputpostamble methods. An attacker can inject malicious scripts that may be executed in the context of the user's browser session by...
Cross site scripting
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the...
CVE-2024-21636 view_component Cross-site Scripting vulnerability
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the...
CVE-2023-30469
Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer Hitachi Ops Center Analyzer detail view component allows Reflected XSS. This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00...
Cross-site Scripting (XSS)
view_component is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization in the translate method in the translatable.rb file...
ViewComponent Cross-Site Scripting Vulnerability
ViewComponent is a framework for building reusable, testable and encapsulated view components in Ruby on Rails. ViewComponent suffers from a cross-site scripting vulnerability that stems from data received via user input and passed as interpolated parameters to the translate method not being clean...
CVE-2018-1000551
Trovebox version = 4.0.0-rc6 contains a PHP type juggling vulnerability in the album view component that can result in authentication bypass. This attack appears to be exploitable via HTTP request. This vulnerability appears to have been fixed after commit 742b8edbe...
Native applications with OAuth 2
By Justin Richer and Antonio Sanso. This article was excerpted from the book OAuth 2 in Action. The OAuth core specification specifies four different grant types: Authorization Code, Implicit, Resource Owner Password Credentials and Client Credentials. Each grant type is designed with different...
CVE-2015-1116
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen...
Microsoft Windows Web View Script Injection (MS05-024; CVE-2005-1191)
Metadata is a general term for data which is used to describe characteristics of data. It is generally used to provide information such as title, author, modification history, as well as any other relevant characteristics. In Microsoft implementations there are two common approaches to storing fi...