8542 matches found

RedHat Linux
added 2024/04/30 9:56 a.m. · 5 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

CVSS 6.1 · AI score 6.6 · EPSS 0.00892
Exploits 0 · References 6
RedHat Linux
added 2024/04/30 9:48 a.m. · 4 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

CVSS 6.1 · AI score 6.6 · EPSS 0.00892
Exploits 0 · References 6
RedHat Linux
added 2024/04/30 9:48 a.m. · 43 views

Moderate: Red Hat Security Advisory: python-jinja2 security update

An update for python-jinja2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 6.1 · AI score 6.7 · EPSS 0.00892
Exploits 0 · References 3
CNNVD
added 2024/04/30 12:00 a.m. · 13 views

XADMaster security vulnerability

MacPaw XADMaster is a library from MacPaw Ukraine. A security vulnerability exists in XADMaster version 1.10.8, which stems from the fact that when extracting specially crafted zip archives, XADMaster may fail to apply the quarantine attribute correctly, potentially bypassing Gatekeeper's checks ...

CVSS 5.5 · AI score 6.8 · EPSS 0.00196
Exploits 0 · References 3
BDU FSTEC
added 2024/04/30 12:00 a.m. · 4 views

The vulnerability of the Jeg Elementor Kit plugin for WordPress content management system allows attackers to perform cross-site scripting attacks.

The vulnerability of the Jeg Elementor Kit plugin for the WordPress content management system is related to the lack of protection for website structure during the processing of the htmltag attribute. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...

CVSS 6.4 · AI score 7.5 · EPSS 0.00505
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/04/30 12:00 a.m. · 5 views

PT-2024-5152 · Ibm · Ibm Cloud Pak For Security +1

Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Security (CP4S) versions 1.10.0.0 through 1.10.11.0; IBM QRadar Suite for Software versions 1.10.12.0 through 1.10.19.0. Description: The issue is related to errors in security settings, specifically the failure to set the...

CVSS 5.9 · AI score 6 · EPSS 0.00465
Exploits 0 · References 10
Positive Technologies
added 2024/04/30 12:00 a.m. · 4 views

PT-2024-19395 · Xadmaster · Xadmaster

Name of the Vulnerable Software and Affected Versions: XADMaster versions prior to 1.10.8. Description: XADMaster is an Objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive, XADMaster may not apply the quarantine attribute correctly,...

CVSS 5.5 · AI score 7.1 · EPSS 0.00196
Exploits 0 · References 9
OSV
added 2024/04/30 12:00 a.m. · 47 views

ALSA-2024:2348 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

CVSS 6.1 · AI score 6.8 · EPSS 0.00892
Exploits 0 · References 4
Tenable Nessus
added 2024/04/30 12:00 a.m. · 18 views

RHEL 9 : python-jinja2 (RHSA-2024:2348)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2348 advisory. The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports...

CVSS 6.1 · AI score 7.3 · EPSS 0.00892
Exploits 0 · References 6
AlmaLinux
added 2024/04/30 12:00 a.m. · 62 views

Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django-inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

CVSS 6.1 · AI score 6.1 · EPSS 0.00892
Exploits 0 · References 4
Tenable Nessus
added 2024/04/30 12:00 a.m. · 36 views

RHEL 9 : fence-agents (RHSA-2024:2132)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2132 advisory. The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or...

CVSS 6.1 · AI score 7.2 · EPSS 0.00892
Exploits 0 · References 12
CNNVD
added 2024/04/29 12:00 a.m. · 2 views

MacPaw security vulnerability

MacPaw is a Mac-specific decompression application from MacPaw, Inc. A security vulnerability exists in MacPaw versions prior to 4.3.6, which stems from the Unarchiver component lacking an isolation attribute for extracted items...

CVSS 3.3 · AI score 6.7 · EPSS 0.00154
Exploits 0 · References 3
Tenable Nessus
added 2024/04/29 12:00 a.m. · 20 views

SUSE SLES15: frr / frr-devel / libfrr0 / libfrr_pb0 / libfrrcares0 / etc (SUSE-SU-2024:1453-1)

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1453-1 advisory. - CVE-2024-27913: Fixed a denial of service issue via a malformed OSPF LSA packet (bsc#1220548). - CVE-2024-31948: Fixed...

CVSS 6.5 · AI score 6.6 · EPSS 0.00825
Exploits 0 · References 7
NVD
added 2024/04/26 5:15 a.m. · 21 views

CVE-2024-3048

The Bannerlid WordPress plugin through 1.1.0 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators...

CVSS 5.5 · AI score 5.9 · EPSS 0.00431
Exploits 2 · References 1
CVE
added 2024/04/26 5:00 a.m. · 77 views

CVE-2024-3188

CVE-2024-3188 affects the WordPress plugin Shortcodes Ultimate (Shortcodes Plugin) up to version 7.0.x (pre-7.1.0). The issue is a lack of validation/escaping of certain shortcode attributes, which are output back into the page/post containing the shortcode. This can enable Stored Cross-Site Scri...

CVSS 6.3 · AI score 8 · EPSS 0.00438
Exploits 2 · References 1 · Affected Software 1
RedHat Linux
added 2024/04/23 5:18 p.m. · 1 view

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting (XSS) flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

CVSS 6.1 · AI score 6.6 · EPSS 0.00892
Exploits 0 · References 6
CVE
added 2024/04/23 5:33 a.m. · 64 views

CVE-2024-2799

CVE-2024-2799 affects the Royal Elementor Addons and Templates WordPress plugin. The issue is stored XSS via Image Grid and Advanced Text widgets due to insufficient input sanitization and output escaping in user-supplied attributes, allowing an authenticated attacker with contributor+ privileges...

CVSS 6.4 · AI score 5.7 · EPSS 0.00434
Exploits 0 · References 4 · Affected Software 1
Veracode
added 2024/04/19 10:34 a.m. · 26 views

Denial Of Service (DoS)

FRRouting/frr is vulnerable to Denial of Service (DoS). This vulnerability occurs due to improper handling of the Prefix SID attribute in the bgp_attr_malformed function within bgp_attr.c, leading to a crash of the bgpd daemon...

CVSS 6.5 · AI score 6.3 · EPSS 0.00825
Exploits 0 · References 4 · Affected Software 2
Tenable Nessus
added 2024/04/19 12:00 a.m. · 26 views

EulerOS Virtualization 2.10.1 : python-jinja2 (EulerOS-SA-2024-1554)

According to the versions of the python-jinja2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax...

CVSS 6.1 · AI score 7.5 · EPSS 0.00892
Exploits 0 · References 2
SUSE CVE
added 2024/04/18 2:31 a.m. · 5 views

SUSE CVE-2023-52643

In the Linux kernel, the following vulnerability has been resolved: iio: core: fix memleak in iio_device_register_sysfs. When iio_device_register_sysfs_group() fails, we should free iio_dev_opaque->chan_attr_group.attrs to prevent potential memleak...

CVSS 4.7 · AI score 6.3 · EPSS 0.00225
Exploits 0 · References 6