18 matches found
Cross-site Scripting (XSS)
Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the jsxAttr and JSX attribute rendering paths in src/jsx/jsx-runtime.ts, src/jsx/base.ts, and src/jsx/dom/render.ts. An attacker can inject executable markup ...
ntfs-3g: Heap buffer overflow in ntfs_attr_setup_flag() triggered by a specially crafted NTFS attribute from MFT
The ntfs3g package is susceptible to a heap overflow on crafted input. When processing NTFS attributes from the MFT, proper bounds checking was not enforced, leading to this software flaw. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
UBUNTU-CVE-2021-33285
In NTFS-3G versions 2021.8.22, when a specially crafted NTFS attribute is supplied to the function ntfs_get_attribute_value, a heap buffer overflow can occur allowing for memory disclosure or denial of service. The vulnerability is caused by an out-of-bound buffer access which can be triggered by...
Cross site scripting
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element...
CVE-2018-20778
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows XSS by creating a new file containing a crafted attribute of an IMG element...
CVE-2018-18540
TeaKKi 2.7 allows XSS via a crafted onerror attribute for a picture's URL...
Open-AudIT Cross-Site Scripting Vulnerability (CNVD-2018-12810)
Open-AudIT is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. A cross-site scripting vulnerability exists in the Attributes feature in versions of Open-AudIT Community Edition prior to 2.2.2. A remote attacker can...
CVE-2018-11124
Cross-site scripting (XSS) vulnerability in Attributes functionality in Open-AudIT Community edition before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted attribute name of an Attribute...
CVE-2018-0908
Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability."...
Code injection
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.01 allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521...
CVE-2016-1386
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.01 allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521...
CVE-2016-1386
The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.01 allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521...
Design/Logic Flaw
Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerability," a different vulnerability than CVE-2014-6365...
Design/Logic Flaw
The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open'\u0000javascript: sequence to the Android Browser application 4.2.1 or a third-party web browser...
Code injection
ubiquity-slideshow-ubuntu before 58.2, during installation, allows remote man-in-the-middle attackers to execute arbitrary web script or HTML and read arbitrary files via a crafted attribute in the tag of a Twitter feed...
CVE-2011-3387
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than...
java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9
The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than...
CVE-2008-1082
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation...