Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2019/06/06 4:40 p.m.40 views

Security Bulletin: IBM API Connect V5 is impacted by Cross Site Scripting vulnerability (CVE-2016-10531 CVE-2018-3721 CVE-2017-0268)

Summary API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-0268 DESCRIPTION: Microsoft Server Message Block 1.0 SMBv1 could allow a remote attacker to obtain sensitive information, caused by improper handling of incoming requests. By sending...

6.5CVSS0.7AI score0.07243EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2019/04/29 10:25 p.m.28 views

Security Bulletin: IBM API Connect is affected by vulnerabilities in Node JS modules (CVE-2018-3721 CVE-2016-10531)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3721 DESCRIPTION: Node.js lodash module could allow a remote attacker to bypass security restrictions, caused by a flaw in the defaultsDeep, 'merge, and mergeWith functions. By modifing the...

6.5CVSS0.8AI score0.02413EPSS
Exploits3Affected Software1
vulnersOsv
vulnersOsv
added 2019/02/18 11:58 p.m.6 views

08cms (=1.0.0), 0ad-tools (=0.0.1) +8954 more potentially affected by CVE-2016-10531 via marked (>=0.0.1 <=0.3.5)

marked NPM version =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2016-10531 Source advisory: OSV:GHSA-VFVF-MQQ8-RWQC...

6.1CVSS6.6AI score0.01463EPSS
Exploits1
Prion
Prion
added 2018/06/17 8:29 p.m.20 views

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10531. Reason: This candidate is a reservation duplicate of CVE-2016-10531. Notes: All CVE users should reference CVE-2016-10531 instead of this candidate. All references and descriptions in this candidate have been removed t...

6.2AI score0.01463EPSS
Exploits1
NVD
NVD
added 2018/05/31 8:29 p.m.16 views

CVE-2016-10531

marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection sanitize: true to inject a javascript: URL. This flaw exists because...

6.1CVSS6.2AI score0.01463EPSS
Exploits1References3
Cvelist
Cvelist
added 2018/05/31 8:0 p.m.31 views

CVE-2016-10531

marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection sanitize: true to inject a javascript: URL. This flaw exists because...

6.2AI score0.01463EPSS
Exploits1References3
CVE
CVE
added 2018/05/31 8:0 p.m.115 views

CVE-2016-10531

CVE-2016-10531 affects the marked library (0.3.5 and earlier). The issue arises when parsing HTML entities: &#xNN... leaves trailing text, allowing bypass of sanitize: true and injection of a javascript: URL. This enables cross-site scripting via markdown-rendered links. Affected: marked where li...

6.1CVSS6.2AI score0.01463EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder