Important: golang
Issue Overview: html/template: improper sanitization of CSS values Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for...
CVE-2023-29713
Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory...
Amazon Linux AMI : golang (ALAS-2023-1760)
The version of golang installed on the remote host is prior to 1.18.6-1.44. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1760 advisory. html/template: improper sanitization of CSS values Angle brackets were not considered dangerous characters when inserted...
golang: html/template: improper sanitization of CSS values
A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.2 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.2 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
USN-6140-1: Go vulnerabilities
It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service. This issue only affected golang-1.19 on Ubuntu 22.10. CVE-2022-41724, CVE-2023-24534, CVE-2023-24537 It was discovered...
WordPress Responsive CSS EDITOR Plugin <= 1.0 is vulnerable to SQL Injection
Software: Responsive CSS EDITOR; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-2482; Patch priority: Low; CVSS severity: Low 7.6; PSID: 0ef0cb588232; Credits: Chien Vuong; Required privilege: Administrator...
Responsive CSS EDITOR <= 1.0 - Admin+ SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. PoC 1. Send a request with the payload:...
Amazon Linux 2 : golang (ALAS-2023-2052)
The version of golang installed on the remote host is prior to 1.18.9-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-2052 advisory. html/template: improper sanitization of CSS values Angle brackets were not considered dangerous characters when inserted into CSS...
halkidikispa.com Cross Site Scripting vulnerability OBB-3367554
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Input validation
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password HTML input is switched to type="text" via a JavaScript "Show Password" button. This differs from the expected behavior, which always obfuscates type="password" inputs...
html inputs of type password recorded in plaintext when converted to text inputs
Impact: Highlight may record passwords on customer deployments when a password HTML input is switched to type="text" via a JavaScript "Show Password" button. This differs from the expected behavior, which always obfuscates type="password" inputs. A customer may assume that switching to type="text"...
OESA-2023-1294 golang security update
The Go Programming Language. Security Fixes: Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into...
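Both html/template behaviours described in the entries above (angle brackets passing through an unquoted CSS value when two actions are separated by a literal '/', and an empty value in an unquoted attribute) can be checked directly against a toolchain. The program below is an added example, not code from any advisory on this page or from the Go project. The two templates and the inputs are constructed for the example, and it assumes a patched Go toolchain (Go 1.19.9 / 1.20.4 or later, or a distribution backport such as the ones listed), on which html/template substitutes its documented failsafe value ZgotmplZ in both cases instead of passing the value through.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// Both templates are constructed for this example (hypothetical; not taken
// from any advisory on this page).

// cssTpl has the shape the CSS-value entries describe: two actions inside an
// unquoted CSS property value, separated by a literal '/'. The literal '/'
// matters because html/template already rejected '/' inside a CSS value, so
// the template itself had to supply it for "</style>" to be assembled.
const cssTpl = `<style>.banner { color: {{.A}}/{{.B}} }</style>`

// attrTpl has the shape the unquoted-attribute entry describes: an action
// that is the entire value of an unquoted HTML attribute.
const attrTpl = `<div data-x={{.}}>content</div>`

// RenderCSS executes cssTpl with untrusted values for A and B.
func RenderCSS(a, b string) (string, error) {
	t, err := template.New("css").Parse(cssTpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, struct{ A, B string }{a, b})
	return buf.String(), err
}

// RenderAttr executes attrTpl with an untrusted attribute value.
func RenderAttr(v string) (string, error) {
	t, err := template.New("attr").Parse(attrTpl)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, v)
	return buf.String(), err
}

// Patched reports whether this toolchain applies both fixes: angle brackets
// in a CSS value and an empty unquoted attribute value must both be replaced
// by html/template's failsafe string "ZgotmplZ" rather than emitted as-is.
func Patched() bool {
	css, err := RenderCSS("<", "style><p>injected")
	if err != nil || css != `<style>.banner { color: ZgotmplZ/ZgotmplZ }</style>` {
		return false
	}
	attr, err := RenderAttr("")
	return err == nil && attr == `<div data-x=ZgotmplZ>content</div>`
}

func main() {
	// Benign inputs render unchanged (the attribute value only gets the
	// space escaped), so the filter is not simply rejecting everything.
	out, _ := RenderCSS("red", "blue")
	fmt.Println(out)
	out, _ = RenderAttr("a b")
	fmt.Println(out)

	// An unpatched toolchain emits "</style><p>injected" inside the style
	// element here, closing it, and "<div data-x=>" for the empty value.
	out, _ = RenderCSS("<", "style><p>injected")
	fmt.Println(out)
	out, _ = RenderAttr("")
	fmt.Println(out)
	fmt.Println("patched:", Patched())
}
```

Run it with the toolchain a service actually builds with, not the developer's laptop: distribution packages such as the Amazon Linux and Red Hat builds listed here carry the fix at version numbers that do not match the upstream 1.19.9 / 1.20.4 cut, so checking behaviour is more reliable than checking `go version`.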