
5 matches found

RedhatCVE
added 2025/05/22 1:18 a.m., 4 views

CVE-2017-1002201

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...

CVSS 6.1, AI score 6.5, EPSS 0.01452
Exploits: 1, References: 1

SUSE CVE
added 2023/02/15 4:34 a.m., 2 views

SUSE CVE-2017-1002201

In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...

CVSS 6.3, AI score 9.6, EPSS 0.01452
Exploits: 1, References: 6

Tenable Nessus
added 2021/12/29 12:0 a.m., 22 views

Debian DLA-2864-1 : ruby-haml - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2864 advisory. - In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like ' must be escaped properly. In this case, the '...

CVSS 6.1, AI score 7.5, EPSS 0.01452
Exploits: 1, References: 5

Tenable Nessus
added 2020/07/27 12:0 a.m., 24 views

GLSA-202007-27 : Haml: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-202007-27, Haml: Arbitrary code execution. It was discovered that Haml was not correctly filtering out special characters which may be used for attributes. Impact: A remote attacker could possibly execute arbitrary code with the...

CVSS 6.1, AI score 8, EPSS 0.01452
Exploits: 1, References: 2

CVE
added 2019/10/15 5:35 p.m., 108 views

CVE-2017-1002201

CVE-2017-1002201 describes a cross-site scripting/code execution risk in Haml prior to 5.0.0.beta.2 when user input is used on the server and the single quote character was not escaped, allowing input manipulation that could introduce attributes and potentially execute code. Public details confir...

CVSS 6.1, AI score 6.1, EPSS 0.01452
Exploits: 1, References: 5, Affected Software: 1