Lucene search
K

8542 matches found

Patchstack
Patchstack
added 2024/05/10 10:8 a.m.3 views

WordPress Beaver Builder plugin <= 2.8.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photo widget crop attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via photo widget crop attribute vulnerability discovered by Thanh Nam Tran in WordPress Plugin Beaver Builder versions = 2.8.1.2...

6.4CVSS5.8AI score0.00486EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.5 views

PT-2024-31261 · Kadence Wp · Gutenberg Blocks With Ai

Name of the Vulnerable Software and Affected Versions: Gutenberg Blocks with AI by Kadence WP plugin for WordPress versions up to, and including, 3.2.36 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, specifically the link...

6.4CVSS7.2AI score0.0034EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/05/10 12:0 a.m.3 views

HDF Group HDF5 安全漏洞

HDF Group HDF5 is a suite of tools for managing and storing different types of data from the American company HDF Group. The product supports managing, manipulating, viewing and analyzing data and generating files in portable formats. A security vulnerability exists in HDF5 Library version 1.14.3...

9.8CVSS7.8AI score0.00951EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/09 12:0 a.m.3 views

PT-2024-6206 · Unknown +2 · Hdf5 Library +2

Name of the Vulnerable Software and Affected Versions: HDF5 Library versions 1.14.3 and earlier Description: The issue is related to the use of an uninitialized value in the H5A attr release table function in the H5Aint.c file of the HDF5 Library. This could potentially allow a remote attacker to...

10CVSS7.6AI score0.00951EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2024/05/07 6:54 a.m.50 views

CVE-2024-34064

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

5.4CVSS6.3AI score0.00979EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/05/06 2:41 p.m.35 views

CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

5.4CVSS6.4AI score0.00979EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/05/06 2:41 p.m.32 views

CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

5.4CVSS5.7AI score0.00979EPSS
Exploits0References6
CVE
CVE
added 2024/05/06 2:41 p.m.414 views

CVE-2024-34064

The CVE-2024-34064 issue affects Jinja2’s xmlattr filter, where keys containing non-attribute characters (e.g., spaces, /, &gt;, =) can be rendered into HTML attributes, potentially enabling attribute-injection-based XSS when applications render user-supplied keys. The vulnerability arises if an ...

5.4CVSS6.2AI score0.00979EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/05/06 2:41 p.m.44 views

CVE-2024-34064 Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as...

5.4CVSS6.6AI score0.00979EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2024/05/06 2:20 p.m.55 views

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.2AI score0.00979EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2024/05/06 2:20 p.m.5 views

GHSA-H75V-3VVJ-5MFJ Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate attribute. If an application accepts keys as opposed to only values as user input, and...

5.4CVSS6.9AI score0.00979EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2024/05/06 12:0 a.m.24 views

Jinja2 -- Vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

[email protected] reports: Jinja is an extensible templating engine. The xmlattr filter in affected versions of Jinja accepts keys containing non-attribute characters. XML/HTML attributes cannot contain spaces, /, , or =, as each would then be interpreted as starting a separate...

6.9AI score
Exploits0References1
CNNVD
CNNVD
added 2024/05/06 12:0 a.m.2 views

Pallets Jinja 跨站脚本漏洞

Pallets Jinja is a template engine written in the Python language. A security vulnerability exists in Pallets Jinja versions prior to 3.1.4, which stems from the fact that Jinja is susceptible to HTML attribute injection when passing user input as a key to the xmlattr filter...

5.4CVSS6.4AI score0.00979EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2024/05/06 12:0 a.m.23 views

Oracle Linux 9 : python-jinja2 (ELSA-2024-2348)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2348 advisory. 2.11.3-5 - Security fix for CVE-2024-22195 Resolves: RHEL-21349 Tenable has extracted the preceding description block directly from the Oracle Linux security...

6.1CVSS7.2AI score0.00892EPSS
Exploits0References2
CVE
CVE
added 2024/05/04 3:31 a.m.61 views

CVE-2024-3240

CVE-2024-3240 affects the ConvertPlug (ConvertPlus) WordPress plugin up to version 3.5.25. It allows authenticated users withContributor+ access to trigger a PHP Object Injection via deserialization of untrusted data in the shortcodes’ settings_encoded attribute of the smile_info_bar element, pot...

8.8CVSS7AI score0.00769EPSS
Exploits0References2
OSV
OSV
added 2024/05/03 6:30 p.m.23 views

GHSA-M5JF-8CRM-R65M Vditor allows Cross-site Scripting via an attribute of an `A` element

Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...

6.1CVSS5.3AI score0.00359EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/05/03 6:30 p.m.36 views

Vditor allows Cross-site Scripting via an attribute of an `A` element

Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...

6.1CVSS5.9AI score0.00359EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2024/05/03 5:15 p.m.10 views

CVE-2021-20450

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...

4.3CVSS4.5AI score0.00366EPSS
Exploits0References2
OSV
OSV
added 2024/05/03 5:15 p.m.2 views

CVE-2021-20450

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...

4.3CVSS5.6AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/03 4:55 p.m.11 views

CVE-2021-20450 IBM Cognos Controller information disclosure

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...

4.3CVSS5.2AI score0.00366EPSS
Exploits0References2
Rows per page
Query Builder