8542 matches found
jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...
jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...
Moderate: Red Hat Security Advisory: python-jinja2 security update
An update for python-jinja2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
XADMaster 安全漏洞
MacPaw XADMaster is a library from MacPaw Ukraine. A security vulnerability exists in XADMaster version 1.10.8, which stems from the fact that when extracting specially crafted zip archives, XADMaster may fail to apply the quarantine attribute correctly, potentially bypassing Gatekeeper's checks ...
The vulnerability of the Jeg Elementor Kit plugin for WordPress content management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the Jeg Elementor Kit plugin for the WordPress content management system is related to the lack of protection for website structure during the processing of the htmltag attribute. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
PT-2024-5152 · Ibm · Ibm Cloud Pak For Security +1
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Security CP4S versions 1.10.0.0 through 1.10.11.0 IBM QRadar Suite for Software versions 1.10.12.0 through 1.10.19.0 Description: The issue is related to errors in security settings, specifically the failure to set the...
PT-2024-19395 · Xadmaster · Xadmaster
Name of the Vulnerable Software and Affected Versions: XADMaster versions prior to 1.10.8 Description: XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive, XADMaster may not apply the quarantine attribute correctly,...
ALSA-2024:2348 Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...
RHEL 9 : python-jinja2 (RHSA-2024:2348)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2348 advisory. The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports...
Moderate: python-jinja2 security update
The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...
RHEL 9 : fence-agents (RHSA-2024:2132)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2132 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...
MacPaw 安全漏洞
MacPaw is a Mac-specific decompression application from MacPaw, Inc. A security vulnerability exists in MacPaw versions prior to 4.3.6, which stems from a vulnerability in Unarchiver that contains a vulnerability related to the lack of an isolation attribute for extracted items...
SUSE SLES15: frr / frr-devel / libfrr0 / libfrr_pb0 / libfrrcares0 / etc (SUSE-SU-2024:1453-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1453-1 advisory. - CVE-2024-27913: Fixed a denial of service issue via a malformed OSPF LSA packet bsc1220548. - CVE-2024-31948: Fixed...
CVE-2024-3048
The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...
CVE-2024-3188
CVE-2024-3188 affects the WordPress plugin Shortcodes Ultimate (Shortcodes Plugin) up to version 7.0.x (pre-7.1.0). The issue is a lack of validation/escaping of certain shortcode attributes, which are output back into the page/post containing the shortcode. This can enable Stored Cross-Site Scri...
jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...
CVE-2024-2799
CVE-2024-2799 affects the Royal Elementor Addons and Templates WordPress plugin. The issue is stored XSS via Image Grid and Advanced Text widgets due to insufficient input sanitization and output escaping in user-supplied attributes, allowing an authenticated attacker with contributor+ privileges...
Denial Of Service (DoS)
FRRouting/frr is vulnerable to Denial of Service DoS. This vulnerability occurs due to improper handling of the Prefix SID attribute in the bgpattrmalformed function within bgpattr.c, leading to a crash of the bgpd daemon...
EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2024-1554)
According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax...
SUSE CVE-2023-52643
In the Linux kernel, the following vulnerability has been resolved: iio: core: fix memleak in iiodeviceregistersysfs When iiodeviceregistersysfsgroup fails, we should free iiodevopaque-chanattrgroup.attrs to prevent potential memleak...