CVE-2024-45047
Svelte is a performance-oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situations the final DOM tree...
CVE-2024-45047
CVE-2024-45047 concerns Svelte, a web framework. The vulnerability is described as a mutation-based XSS (mXSS) that can occur due to improper HTML escaping during server-side rendering, specifically when injecting malicious content into an attribute within a noscript tag. Affected versions are up...
CVE-2024-45047 Potential mXSS vulnerability due to improper HTML escaping in svelte
Svelte is a performance-oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situations the final DOM tree...
Gazelle Security Vulnerability
Gazelle is a web framework for private BitTorrent trackers from the individual developers at WhatCD. Gazelle has a security vulnerability that stems from a cross-site scripting vulnerability in the username parameter of the /login/disabled.php file...
Gazelle Security Vulnerability
Gazelle is a web framework for private BitTorrent trackers from the individual developers at WhatCD. Gazelle has a security vulnerability that stems from a cross-site scripting vulnerability in the view parameter of the /managers/enablerequests.php file...
academlo (>=0.0.1 <=0.0.3), afterburner (>=0.0.1 <=0.0.2) +140 more potentially affected by CVE-2024-42353 via webob (>=1.2.3 <=1.8.7)
webob PYPI version =1.2.3, =0.0.1, =0.0.1, =0.1.0, =0.1.0, =0.0.2, =0.0.1, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2024-42353 Source advisory: OSV:PYSEC-2024-188...
Ruby on Rails: Remote Code Execution
Background Ruby on Rails is a free web framework used to develop database-driven web applications. Description Multiple vulnerabilities have been discovered in Ruby on Rails. Please review the CVE identifiers referenced below for details. Impact When serialized columns that use YAML the default a...
Fedora: Security Advisory (FEDORA-2024-d05d37ead7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-a7eef0ca7b)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2024-7dac82a14e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: python-django4.2-4.2.14-1.fc39
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
[SECURITY] Fedora 39 Update: python-django-4.2.14-2.fc39
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
[SECURITY] Fedora 40 Update: python-django-4.2.14-2.fc40
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to conduction of phishing attacks due to a web framework used in node
Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-29041). Vulnerability Details CVEID: CVE-2024-29041 DESCRIPTION: Express.js (Express) could allow a remote attacker to conduct phishing attacks, caused by an open redirect...
OESA-2024-1710 rubygem-actionpack security update
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser. Security Fixes: Action Pack is a framework for handling and responding to web requests. Sin...
Ninja Web Framework Security Vulnerability
Ninja Web Framework is a full-stack web framework for Java open-sourced by Ninja Web Framework. A security vulnerability exists in Ninja Web Framework version v7.0.0, which stems from the use of a weak encryption algorithm, resulting in the possible disclosure of sensitive information...
PT-2024-40376 · Symfony · Symfony
Name of the Vulnerable Software and Affected Versions: Symfony versions 2.0.x Description: The issue concerns the XMLEncoder component's failure to disable external entities when parsing XML, allowing for the inclusion of arbitrary files from the file system. This can be exploited in the Symfony2...
RhinOS Security Vulnerability
RhinOS is a web development framework. A security vulnerability exists in RhinOS version 3.0-1190, which originates from a cross-site scripting (XSS) vulnerability via the search parameter in /portal/search.htm, which allows an attacker to steal details of a victim's user session by submitting a...
GNUBOARD6 Security Vulnerability
GNUBOARD6 is a FastAPI-based content management system. A security vulnerability exists in GNUBOARD6 that stems from a cross-site scripting (XSS) vulnerability via board.py...
PCoIP Management Console – Potential Denial of Service
A vulnerability has been reported in the Grails open-source web framework used by Teradici PCoIP Management Console, which might potentially lead to a JVM crash or denial of service. An updated Teradici PCoIP Management Console has been released to mitigate this issue. Customers using Management...