59 matches found
Cross-site Scripting (XSS)
Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the tomarkdown function. An attacker can inject arbitrary HTML content by supplying specially crafted input that includes HTML-significant characters...
EUVD-2017-15996
Malware in sbrugna...
EUVD-2014-4755
Malware in sbrugna...
EUVD-2020-19367
Malware in sbrugna...
EUVD-2015-8481
Malware in sbrugna...
EUVD-2008-1259
Malware in sbrugna...
EUVD-2019-0297
Malware in sbrugna...
EUVD-2005-1362
Malware in sbrugna...
EUVD-2021-1888
Malware in sbrugna...
EUVD-2021-10779
Malware in sbrugna...
EUVD-2020-28695
Malware in sbrugna...
EUVD-2024-46200
Malicious code in bioql PyPI...
EUVD-2024-22188
Malicious code in bioql PyPI...
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. The tsconfig_includes field is vulnerable to directory traversal, leading to the same scenarios as...
cri-o: Arbitrary command injection via pod annotation
A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system...
Exploit for Code Injection in Apache Rocketmq
CVE-2023-33246 RocketMQ RCE EXP: CVE-2023-33246 RocketMQ Remote...
CVE-2023-29400
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags...
CVE-2023-29007
A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...
Information disclosure
SAP BusinessObjects Business Intelligence Platform Web Services, versions 420 and 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, the attacker can scan internal...