Lucene search
K

89 matches found

OSV
OSV
added 2023/05/31 6:30 a.m.18 views

GHSA-G47H-FGCW-G4PH Algernon engine and themes vulnerable to Cross-site Scripting

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possibl...

6.1CVSS5.6AI score0.00691EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2023/05/31 6:30 a.m.20 views

Algernon engine and themes vulnerable to Cross-site Scripting

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possibl...

6.1CVSS6.1AI score0.00691EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2023/05/31 5:15 a.m.5 views

CVE-2023-26131

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possibl...

6.1CVSS6.4AI score0.00691EPSS
Exploits1References5
Prion
Prion
added 2023/05/31 5:15 a.m.19 views

Cross site scripting

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possibl...

5.8CVSS5.9AI score0.00691EPSS
Exploits1References5
Cvelist
Cvelist
added 2023/05/31 5:0 a.m.28 views

CVE-2023-26131

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possibl...

5.4CVSS6.2AI score0.00691EPSS
Exploits1References5
CVE
CVE
added 2023/05/31 5:0 a.m.46 views

CVE-2023-26131

Summary: CVE-2023-26131 affects the Algernon project’s engine and themes components via an XSS flaw in themes.NoPage(filename, theme) caused by improper user input sanitization when a file/resource is not found. The vulnerability is evidenced by multiple connected sources detailing the same issue...

6.1CVSS6AI score0.00691EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2023/05/31 12:0 a.m.5 views

algernon 跨站脚本漏洞

algernon is a web server. A security vulnerability exists in algernon that stems from incorrect cleaning of user input. An attacker could exploit this vulnerability to conduct a cross-site scripting attack...

6.1CVSS5.9AI score0.00691EPSS
Exploits1References6
Snyk
Snyk
added 2023/02/07 11:55 a.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found. PoC bash go install...

6.1CVSS5.3AI score0.00691EPSS
Exploits1References2
Snyk
Snyk
added 2023/02/07 11:55 a.m.1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the themes.NoPagefilename, theme function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found. PoC bash go install...

6.1CVSS5.3AI score0.00691EPSS
Exploits1References2
Rows per page
Query Builder