RedHat Linux
added 2024/07/09 12:59 p.m. · 2 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS 5.4 · AI score 6.7 · EPSS 0.00979
Exploits 0 · References 5
RedHat Linux
added 2024/07/09 9:23 a.m. · 2 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS 5.4 · AI score 6.7 · EPSS 0.00979
Exploits 0 · References 5
RedHat Linux
added 2024/07/09 8:52 a.m. · 2 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS 5.4 · AI score 6.7 · EPSS 0.00979
Exploits 0 · References 5
Positive Technologies
added 2024/07/09 12:00 a.m. · 5 views

PT-2024-26854 · WordPress · Osm – Openstreetmap

Name of the Vulnerable Software and Affected Versions: OSM – OpenStreetMap plugin for WordPress versions up to, and including, 6.0.2
Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'osm map' shortcode due to insufficient input sanitization and output escaping on...

CVSS 6.4 · AI score 5.9 · EPSS 0.00344
Exploits 0 · References 6
Snyk
added 2024/07/08 3:40 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the HTML title attribute in the list view. An attacker can manipulate the output and inject malicious scripts by crafting malicious input that is improperly escaped.
Note: Patched version 3.1.3 has a...

CVSS 6.8 · AI score 5.3 · EPSS 0.00579
Exploits 0 · References 2
OSV
added 2024/07/08 3:15 p.m. · 2 views

UBUNTU-CVE-2024-39308

RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...

CVSS 6.8 · AI score 5.8 · EPSS 0.00579
Exploits 0 · References 8
Vulnrichment
added 2024/07/08 2:33 p.m. · 14 views

CVE-2024-39308 RailsAdmin Cross-site Scripting vulnerability in the list view

RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...

CVSS 6.8 · AI score 5.9 · EPSS 0.00579
Exploits 0 · References 6
Cvelist
added 2024/07/08 2:33 p.m. · 27 views

CVE-2024-39308 RailsAdmin Cross-site Scripting vulnerability in the list view

RailsAdmin is a Rails engine that provides an interface for managing data. The RailsAdmin list view has an XSS vulnerability caused by an improperly escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...

CVSS 6.8 · EPSS 0.00579
Exploits 0 · References 6
OSV
added 2024/07/04 4:15 a.m. · 4 views

CVE-2024-2385

The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, t...

CVSS 8.8 · AI score 6.3 · EPSS 0.00886
Exploits 0 · References 3
Positive Technologies
added 2024/07/04 12:00 a.m. · 7 views

PT-2024-20120 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.7
Description: The issue allows authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server throug...

CVSS 8.8 · AI score 8.2 · EPSS 0.00886
Exploits 0 · References 8
CNNVD
added 2024/07/03 12:00 a.m. · 4 views

WordPress plugin The Plus Addons for Elementor Cross-Site Scripting Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. A WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 6.4 · AI score 6.2 · EPSS 0.004
Exploits 0 · References 4
RedHat Linux
added 2024/07/02 3:30 p.m. · 3 views

jinja2: accepts keys containing non-attribute characters

A flaw was found in jinja2. The xmlattr filter accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, >, or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

CVSS 5.4 · AI score 6.7 · EPSS 0.00979
Exploits 0 · References 5
OSV
added 2024/07/02 8:15 a.m. · 4 views

CVE-2024-5504

The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user...

CVSS 5.4 · AI score 6 · EPSS 0.00349
Exploits 0 · References 4
RedHat Linux
added 2024/07/02 8:02 a.m. · 4 views

389-ds-base: a heap overflow leading to denial-of-service while writing a value larger than 256 chars (in log_entry_attr)

A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr...

CVSS 5.5 · AI score 5.7 · EPSS 0.00304
Exploits 0 · References 5
Positive Technologies
added 2024/07/02 12:00 a.m. · 4 views

PT-2024-18037 · Unknown · The Post Grid – Shortcode

Name of the Vulnerable Software and Affected Versions: The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin versions up to, and including, 7.7.1
Description: The issue is related to Stored Cross-Site Scripting via the section title tag attribute due to insufficient...

CVSS 6.4 · AI score 6.1 · EPSS 0.00341
Exploits 0 · References 7
CNNVD
added 2024/07/02 12:00 a.m. · 4 views

WordPress plugin Rife Elementor Extensions & Templates Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A security vulnerability...

CVSS 6.4 · AI score 6.1 · EPSS 0.00349
Exploits 0 · References 5
Positive Technologies
added 2024/07/02 12:00 a.m. · 4 views

PT-2024-36463 · WordPress · Rife Elementor Extensions & Templates

Name of the Vulnerable Software and Affected Versions: Rife Elementor Extensions & Templates plugin for WordPress versions up to, and including, 1.2.1
Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the tag attribute...

CVSS 6.4 · AI score 7.2 · EPSS 0.00349
Exploits 0 · References 7
AlmaLinux
added 2024/07/02 12:00 a.m. · 42 views

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.
Security Fixes: jinja2: accepts keys containing non-attribute characters (CVE-2024-34064) For...

CVSS 5.4 · AI score 7.2 · EPSS 0.00979
Exploits 0 · References 4
Snyk
added 2024/07/01 1:40 p.m. · 3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: org.webjars.npm:ag-grid-enterprise is an Advanced Data Grid / Data Table supporting Javascript / Typescript / React / Angular / Vue. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the .mergeDeep...

CVSS 6.3 · AI score 6 · EPSS 0.00827
Exploits 1 · References 2
CNNVD
added 2024/07/01 12:00 a.m. · 19 views

GeoServer Code Injection Vulnerability

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A code injection vulnerability exists in GeoServer that stems from insecurely resolving attribute names to XPath expressions, which could lead to remote code...

CVSS 9.8 · AI score 8.2 · EPSS 0.99813
Exploits 26 · References 9