18 matches found
EUVD-2017-0075
Malware in sbrugna...
CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...
CVE-2025-2835 zhangyd-c OneBlog RestApiController.java autoLink server-side request forgery
A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been declared as problematic. Affected by this vulnerability is the function autoLink of the file com/zyd/blog/controller/RestApiController.java. The manipulation leads to server-side request forgery. The attack can be launched...
SUSE CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
GHSA-HPV5-V8G5-C864 Cross-site Scripting in Mistune
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
Cross-site Scripting in Mistune
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
PYSEC-2017-80
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
UBUNTU-CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
Design/Logic Flaw
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline such as in java\nscript: or a crafted email address, related to the escape and autolink functions...
CVE-2017-15612
The CVE relates to Mistune Python package: mistune.py in Mistune 0.7.4 contains an XSS vulnerability triggered by an unexpected newline (e.g., java\nscript:) or crafted email addresses, tied to escape and autolink handling. Connected sources document this vulnerability and show mitigations: openS...
Cross-site Scripting (XSS)
b2evolution is vulnerable to Cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...
CVE-2016-7149
Cross-site scripting XSS vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...
Cross site scripting
Cross-site scripting XSS vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...
CVE-2016-7149
Cross-site scripting XSS vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function...