Lucene search
K

30 matches found

OSV
OSV
added 2022/12/12 3:15 a.m.4 views

DEBIAN-CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

6.1CVSS6AI score0.00402EPSS
Exploits0References1
OSV
OSV
added 2022/12/12 3:15 a.m.2 views

UBUNTU-CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

6.1CVSS6.4AI score0.00402EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/12/12 12:0 a.m.5 views

Redmine 跨站脚本漏洞

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides features such as project management, issue tracking and role-based access control. A cross-site scripting vulnerability exists in Redmine versions prior to 4.2.9 and 5.0.x through 5.0.4,...

6.1CVSS5.8AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/12 12:0 a.m.2 views

PT-2022-6947 · Redmine · Redmine

Name of the Vulnerable Software and Affected Versions: Redmine versions prior to 4.2.9 Redmine versions 5.0.x prior to 5.0.4 Description: The issue is related to the improper sanitization of the blockquote syntax in Textile-formatted fields, which can lead to a persistent XSS attack. This allows ...

6.4CVSS5.9AI score0.00402EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2022/12/12 12:0 a.m.28 views

CVE-2022-44031

Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields...

6.1CVSS6AI score0.00402EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/12/20 10:15 p.m.2 views

CVE-2021-43843

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...

7.5CVSS7AI score0.01916EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2021/12/20 10:15 p.m.23 views

Design/Logic Flaw

jsx-slack is a package for building JSON objects for Slack block kit surfaces from JSX. The maintainers found the patch for CVE-2021-43838 in jsx-slack v4.5.1 is insufficient tfor protection from a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements int...

5CVSS7.5AI score0.01916EPSS
Exploits2References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/12/17 7:15 p.m.3 views

CVE-2021-43838

jsx-slack is a library for building JSON objects for Slack Block Kit surfaces from JSX. In versions prior to 4.5.1 users are vulnerable to a regular expression denial-of-service ReDoS attack. If attacker can put a lot of JSX elements into tag, an internal regular expression for escaping character...

7.5CVSS7.1AI score0.01377EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2021/12/17 12:0 a.m.18 views

PT-2021-23973 · Jsx-Slack · Jsx-Slack

Name of the Vulnerable Software and Affected Versions: jsx-slack versions 4.5.1 and earlier Description: The issue is related to a Regular Expression Denial of Service ReDoS attack. If an attacker can put a lot of JSX elements into the tag with including multibyte characters, an internal regular...

7.5CVSS7.2AI score0.01916EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2021/12/17 12:0 a.m.6 views

PT-2021-23969 · Jsx-Slack · Jsx-Slack

Name of the Vulnerable Software and Affected Versions: jsx-slack versions prior to 4.5.1 Description: The issue concerns a regular expression denial-of-service ReDoS attack. If an attacker can put a lot of JSX elements into the tag, an internal regular expression for escaping characters may consu...

7.5CVSS7.3AI score0.01377EPSS
Exploits1References7
Rows per page
Query Builder