Lucene search
K

10 matches found

Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56158

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, the streaming worksheet reader used by Rows and GetRows does not enforce the TotalRows limit on the row r attribute, allowing a small XLSX file with a row number above 1048576 and no cell...

8.7CVSS6.1AI score0.00524EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.12 views

PT-2026-56159

Excelize is a Go language library for reading and writing Microsoft Excel spreadsheets. Prior to 2.11.0, Excelize parses shared-string cell values with strconv.Atoi and checks only the upper bound before indexing the shared string slice, allowing an XLSX file containing a shared-string cell with ...

6.9CVSS6.1AI score0.00524EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56151

Name of the Vulnerable Software and Affected Versions Excelize versions prior to 2.11.0 Description The checkSheet function in the library uses an attacker-controlled XML attribute value directly as the length argument to makexlsxRow, row without validating it against the Excel row limit. A...

7.5CVSS6.1AI score0.00575EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2025/05/22 7:37 a.m.8 views

CVE-2019-0374

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...

5.4CVSS6.9AI score0.00733EPSS
Exploits0References1
OSV
OSV
added 2022/05/17 5:7 a.m.35 views

GHSA-5GH4-V2CH-PCX4 phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

4.3CVSS6AI score0.01458EPSS
Exploits0References3
PyPA
PyPA
added 2021/10/18 3:15 p.m.6 views

PYSEC-2021-377

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

5.4CVSS6.9AI score0.01602EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2021/10/18 3:15 p.m.4 views

EUVD-2021-0021

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

5.4CVSS5.2AI score0.01602EPSS
Exploits0References5
Prion
Prion
added 2019/10/08 8:15 p.m.21 views

Cross site scripting

SAP BusinessObjects Business Intelligence Platform Web Intelligence HTML interface, before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting...

3.5CVSS5.4AI score0.00733EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2013/07/31 1:20 p.m.2 views

DEBIAN-CVE-2013-4997

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

4.3CVSS8.5AI score0.01458EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/07/31 1:20 p.m.28 views

CVE-2013-4997

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

4.3CVSS6.9AI score0.01458EPSS
Exploits0References1
Rows per page
Query Builder