49 matches found
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the DataTable widget when a query parameter is rendered without proper output escaping. An attacker can execute arbitrary scripts in the context of the user's browser by tricking a user into visiting a craft...
Apache Log4j security vulnerability
Apache Log4j is an open-source logging tool based on Java, developed by the Apache Foundation in the United States. There is a security vulnerability in Apache Log4j, which stems from Log4j1XmlLayout failing to escape characters prohibited by the XML 1.0 standard, potentially resulting in...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the rendering of user-controlled input in the identity name field without proper output encoding. An attacker can execute arbitrary JavaScript in the context of the WebUI by storing malicious scripts in the...
EUVD-2008-1142
Malware in sbrugna...
EUVD-2019-0295
Malware in sbrugna...
EUVD-2017-14557
Malware in sbrugna...
EUVD-2019-0781
Malware in sbrugna...
EUVD-2019-0713
Malware in sbrugna...
EUVD-2024-51948
Malicious code in bioql PyPI...
EUVD-2022-5814
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Administration Console. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious payloads through user-controllable input fields. Details: Cross-site scripting o...
CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
Mozilla -- insufficient character escaping
[email protected] reports: Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the fallback error renderer. An attacker can manipulate the output displayed to the user by injecting malicious scripts into the input that is reflected in error messages. Note: This is only exploitable ...
Qualisys Realtime SDK security vulnerability
Qualisys Realtime SDK is a Qualisys open source C++ SDK for communicating with Qualisys Track Manager software. A security vulnerability exists in Qualisys Realtime SDK that stems from the presence of a heap buffer overflow that allows an attacker to cause a denial of service (DoS) by escaping...
ROS-20250127-01
Vulnerability of striptags function of django.utils.html module of Django web application software platform is related to unrestricted resource allocation as a result of incorrect HTML character escaping. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial ...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the FirstName field in the profile search functionality. An attacker can execute arbitrary web scripts or inject malicious HTML by submitting crafted input. Details: Cross-site scripting or XSS is a code...
CVE-2022-30241
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Admin section. It has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie. Details: Cross-site scripting or XSS is a code vulnerability that...
DEBIAN-CVE-2021-32796
xmldom is an open source pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes duri...