Intelliants Subrion CMS 4.2.1 - Authenticated File Upload Bypass to RCE

This module exploits an authenticated file upload vulnerability in Subrion CMS versions 4.2.1 and lower. The vulnerability is caused by the .htaccess file not preventing the execution of .pht, .phar, and .xhtml files. Files with these extensions are not included in the .htaccess blacklist, hence...

The case against self-closing tags in HTML

Let's talk about /: You'll see this syntax on my blog because it's what Prettier does, and I really like Prettier. However, I don't think / is a good thing. First up: The facts Enter XHTML Back in the late 90s and early 2000s, the W3C had a real thing for XML, and thought that it should replace...

The case against self-closing tags in HTML

Let's talk about /: You'll see this syntax on my blog because it's what Prettier does, and I really like Prettier. However, I don't think / is a good thing. First up: The facts Enter XHTML Back in the late 90s and early 2000s, the W3C had a real thing for XML, and thought that it should replace...

PT-2023-26177 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 14.6-rc-1 through 14.10.3 XWiki versions prior to 15.0 RC1 Description: The issue concerns the cleaning of attributes during XHTML rendering in XWiki, which allowed the injection of arbitrary HTML code and thus cross-site...

SUSE CVE-2005-2269

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...

SUSE CVE-2016-9107

The OTR plugin for Gajim sends information in cleartext when using XHTML, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

Cross site scripting

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

CVE-2022-37307

OX App Suite up to version 7.10.6 is affected by a cross-site scripting (XSS) vulnerability (CVE-2022-37307) that can be triggered via XHTML CDATA in a snippet, demonstrated by the onerror attribute of an IMG element in an email signature. The root cause is an injection possibility in the fronten...

CVE-2022-37307

OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...

PT-2022-23914 · Open Xchange · Ox App Suite

Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows for cross-site scripting XSS via XHTML CDATA for a snippet. This can be demonstrated by the onerror attribute of an IMG element within an e-mail signature. Recommendations...

Cross-site Scripting (XSS) - Stored via xHTML file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an xHTML file with the javascript code inside. Proof of Concept phish.xhtml alertdocument.domain; Step to reproduce From attacker side student 1.Login to the demo environment by student account...

CVE-2022-23850

xhtmltranslateentity in xhtml.c in epub2txt aka epub2txt2 through 2.02 allows a stack-based buffer overflow via a crafted EPUB document...

CVE-2022-23850

xhtmltranslateentity in xhtml.c in epub2txt aka epub2txt2 through 2.02 allows a stack-based buffer overflow via a crafted EPUB document...

Stack overflow

xhtmltranslateentity in xhtml.c in epub2txt aka epub2txt2 through 2.02 allows a stack-based buffer overflow via a crafted EPUB document...

PT-2022-16292 · Epub2Txt · Epub2Txt

Name of the Vulnerable Software and Affected Versions: epub2txt aka epub2txt2 versions 2.02 and earlier Description: The issue allows a stack-based buffer overflow via a crafted EPUB document. This is due to the xhtml translate entity function in xhtml.c. Recommendations: For versions 2.02 and...

[SECURITY] Fedora 35 Update: roundcubemail-1.5.2-1.fc35

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

[SECURITY] Fedora 34 Update: roundcubemail-1.4.13-1.fc34

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...