7 matches found
Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268)
Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-0268 DESCRIPTION: Microsoft Server Message Block 1.0 SMBv1 could allow a remote attacker to obtain sensitive information, caused by improper handling of incoming requests. By sending...
Security Bulletin: IBM API Connect is affected by vulnerabilities in Node JS modules (CVE-2018-3721 CVE-2016-10531)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3721 DESCRIPTION: Node.js lodash module could allow a remote attacker to bypass security restrictions, caused by a flaw in the defaultsDeep, 'merge, and mergeWith functions. By modifing the...
08cms (=1.0.0), 0ad-tools (=0.0.1) +8954 more potentially affected by CVE-2016-10531 via marked (>=0.0.1 <=0.3.5)
marked NPM version =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2016-10531 Source advisory: OSV:GHSA-VFVF-MQQ8-RWQC...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10531. Reason: This candidate is a reservation duplicate of CVE-2016-10531. Notes: All CVE users should reference CVE-2016-10531 instead of this candidate. All references and descriptions in this candidate have been removed t...
CVE-2016-10531
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection sanitize: true to inject a javascript: URL. This flaw exists because...
CVE-2016-10531
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection sanitize: true to inject a javascript: URL. This flaw exists because...
CVE-2016-10531
CVE-2016-10531 affects the marked library (0.3.5 and earlier). The issue arises when parsing HTML entities: &#xNN... leaves trailing text, allowing bypass of sanitize: true and injection of a javascript: URL. This enables cross-site scripting via markdown-rendered links. Affected: marked where li...