Lucene search
K

133 matches found

Positive Technologies
Positive Technologies
added 2017/01/03 12:0 a.m.6 views

PT-2017-10385 · Html5Lib +1 · Html5Lib +1

Name of the Vulnerable Software and Affected Versions: html5lib versions prior to 0.99999999 Description: The issue concerns the mishandling of the character in attribute values by the serializer in html5lib, potentially allowing remote attackers to conduct cross-site scripting XSS attacks...

6.1CVSS6AI score0.02141EPSS
Exploits0References27
Positive Technologies
Positive Technologies
added 2017/01/03 12:0 a.m.5 views

PT-2017-10386 · Html5Lib +1 · Html5Lib +1

Name of the Vulnerable Software and Affected Versions: html5lib versions prior to 0.99999999 Description: The issue concerns the serializer in html5lib, which might allow remote attackers to conduct cross-site scripting XSS attacks. This is due to the mishandling of special characters in attribut...

6.1CVSS6.2AI score0.02141EPSS
Exploits0References27
RedHat Linux
RedHat Linux
added 2016/09/13 11:9 a.m.14 views

rubygem-actionview: cross-site scripting flaw in Action View

It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting XSS attack...

6.1CVSS5.7AI score0.03438EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/09/13 11:8 a.m.6 views

rubygem-actionview: cross-site scripting flaw in Action View

It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting XSS attack...

6.1CVSS5.7AI score0.03438EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/09/13 11:5 a.m.13 views

rubygem-actionview: cross-site scripting flaw in Action View

It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting XSS attack...

6.1CVSS5.7AI score0.03438EPSS
Exploits0References5
NVD
NVD
added 2016/09/07 7:28 p.m.20 views

CVE-2016-6316

Cross-site scripting XSS vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...

6.1CVSS6AI score0.03438EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2016/09/07 7:28 p.m.39 views

CVE-2016-6316

Cross-site scripting XSS vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...

6.1CVSS6.8AI score0.03438EPSS
Exploits0References1
Cvelist
Cvelist
added 2016/09/07 7:0 p.m.30 views

CVE-2016-6316

Cross-site scripting XSS vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...

6.1AI score0.03438EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2016/09/07 7:0 p.m.58 views

CVE-2016-6316

Cross-site scripting XSS vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers...

6.1CVSS6.3AI score0.03438EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/08/26 12:0 a.m.25 views

Debian DSA-3651-1 : rails - security update

Andrew Carpenter of Critical Juncture discovered a cross-site scripting vulnerability affecting Action View in rails, a web application framework written in Ruby. Text declared as 'HTML safe' will not have quotes escaped when used as attribute values in tag helpers. %NASLMINLEVEL 70300 C Tenable...

6.1CVSS6.7AI score0.03438EPSS
Exploits0References4
Debian
Debian
added 2016/08/25 4:20 p.m.87 views

[SECURITY] [DSA 3651-1] rails security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3651-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 25, 2016 https://www.debian.org/security/faq -...

6.1CVSS6.4AI score0.03438EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2016/08/12 6:18 a.m.22 views

CVE-2016-6316

It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting XSS attack...

6.1CVSS2.5AI score0.03438EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2016/08/11 12:0 a.m.28 views

Rails 4 -- Possible XSS Vulnerability in Action View

Ruby Security team reports: There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316...

6.1CVSS1.4AI score0.03438EPSS
Exploits0References1
RubySec
RubySec
added 2016/08/11 12:0 a.m.28 views

Possible XSS Vulnerability in Action View

There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact ------ Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...

6.1CVSS1.6AI score0.03438EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2016/05/09 2:4 p.m.8 views

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

5CVSS7.3AI score0.038EPSS
Exploits0References5
OSV
OSV
added 2016/04/28 10:59 p.m.6 views

CVE-2016-1386

The API in Cisco Application Policy Infrastructure Controller Enterprise Module APIC-EM 1.01 allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521...

7.5CVSS5.8AI score0.01061EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2016/04/21 2:42 p.m.5 views

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

5CVSS7.3AI score0.038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/04/21 1:46 p.m.10 views

OpenJDK: incorrect handling of surrogate pairs in XML attribute values (JAXP, 8143167)

It was discovered that the JAXP component in OpenJDK failed to properly handle Unicode surrogate pairs used as part of the XML attribute values. Specially crafted XML input could cause a Java application to use an excessive amount of memory when parsed...

5CVSS7.3AI score0.038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2016/04/20 7:34 p.m.57 views

Critical: Red Hat Security Advisory: java-1.8.0-openjdk security update

An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10CVSS6.8AI score0.92334EPSS
Exploits1References7
myhack58
myhack58
added 2015/10/17 12:0 a.m.55 views

word type confusion Vulnerability CVE-2 0 1 5-1 6 4 1 Analysis-vulnerability warning-the black bar safety net

Vulnerability overview This year 4 month, Microsoft patched a named CVE-2 0 1 5-1 6 4 1 word type confusion vulnerability, an attacker can construct the embedded docx rtf documents to attack. word in parsing the docx document processing displacedByCustomXML attribute not customXML object for...

0.3AI score
Exploits0
Rows per page
Query Builder