
17 matches found

Tenable Nessus
added 2025/08/20 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-23520

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with...

6.1 CVSS | 6.7 AI score | 0.05478 EPSS
Exploits 2 | References 2

Github Security Blog
added 2024/07/11 6:31 p.m. | 56 views

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory has been withdrawn because it was determined to not be a vulnerability in Bootstrap. From the CVE: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior...

6.4 AI score
Exploits 0 | References 5 | Affected Software 6

RubySec
added 2024/07/11 12:0 a.m. | 18 views

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an <a> tag due to inadequate sanitization. This...

6.2 AI score
Exploits 0 | References 1 | Affected Software 1

F5 Networks
added 2023/02/21 7:33 p.m. | 222 views

K10506844: Apache Struts 2 vulnerabilities CVE-2013-1966, CVE-2013-2115, CVE-2013-2134, and CVE-2013-2135

Security Advisory Description CVE-2013-1966 Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. CVE-2013-2115 Apache Struts 2 before 2.3.14.2 allow...

9.3 CVSS | 9.1 AI score | 0.91096 EPSS
Exploits 12

SUSE CVE
added 2023/02/15 6:14 a.m. | 1 views

SUSE CVE-2006-3199

Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation...

5 CVSS | 6.8 AI score | 0.19771 EPSS
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 5:39 a.m. | 3 views

SUSE CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...

9.3 CVSS | 8.9 AI score | 0.91096 EPSS
Exploits 6 | References 3

Github Security Blog
added 2022/05/24 5:29 p.m. | 27 views

MediaWiki Cross-site Scripting (XSS) vulnerability

In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an <a> tag or it does...

6.1 CVSS | 5.5 AI score | 0.00336 EPSS
Exploits 0 | References 8 | Affected Software 1

CVE
added 2021/12/14 10:20 p.m. | 49 views

CVE-2021-43827

The CVE-2021-43827 issue concerns the discourse-footnote library used with Discourse. Affected behavior occurs when an inline footnote is wrapped in tags, producing a nested element in rendered HTML. Nokogiri strips the nested tag, leading to a JavaScript error on topic pages when code searches...

4.3 CVSS | 4.6 AI score | 0.00281 EPSS
Exploits 0 | References 2 | Affected Software 1

Openbugbounty
added 2020/07/31 2:28 p.m. | 8 views

kolczykowo.pl Cross Site Scripting vulnerability OBB-1244779

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

6.2 AI score
Exploits 0

NVD
added 2015/08/24 2:59 p.m. | 16 views

CVE-2015-6665

Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors involving a whitelisted HTML element, possibly related to the "a" tag...

4.3 CVSS | 6.7 AI score | 0.0082 EPSS
Exploits 0 | References 15

seebug.org
added 2014/05/20 12:0 a.m. | 13 views

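CmsEasy_5.5_UTF-8_20140420 has a stored XSS that can target administrators and peer users

Brief description: CmsEasy5.5UTF-820140420 has a stored XSS that can target administrators and peer users. Details: Case 1 (attacking the administrator): After registering a user, visit /CmsEasy5.5UTF-820140420/uploads/bbs/add-archive.php?cid=1 to create a post, entering the following as the subject: " oninput=alert1 Then log in as the administrator, as shown in the figure: Click "Edit" under "Actions"; then, when the administrator notices the problem and deletes or modifies the content, the XSS is triggered, as shown in the figure: Case 2 (attacking peer users):...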

7.1 AI score
Exploits 0

UbuntuCve
added 2013/07/10 7:55 p.m. | 30 views

CVE-2013-1966

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag...

9.3 CVSS | 7.3 AI score | 0.91096 EPSS
Exploits 6 | References 4

Prion
added 2013/07/10 7:55 p.m. | 29 views

Code injection

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

9.3 CVSS | 7.5 AI score | 0.91096 EPSS
Exploits 11 | References 4 | Affected Software 1

UbuntuCve
added 2006/11/07 11:7 p.m. | 31 views

CVE-2006-5783

Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not...

7.8 CVSS | 6 AI score | 0.01421 EPSS
Exploits 0 | References 1

Prion
added 2006/01/22 8:3 p.m. | 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not...

4.3 CVSS | 6.1 AI score | 0.11996 EPSS
Exploits 1 | References 8 | Affected Software 1

NVD
added 2006/01/22 8:3 p.m. | 8 views

CVE-2006-0361

Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not...

4.3 CVSS | 5.6 AI score | 0.11996 EPSS
Exploits 1 | References 8

NVD
added 2005/10/05 7:2 p.m. | 10 views

CVE-2005-2961

Buffer overflow in the getstringahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <a> tag...

7.5 CVSS | 7.8 AI score | 0.05848 EPSS
Exploits 0 | References 5