7 matches found
Important: Red Hat Security Advisory: Red Hat Data Grid 8.4.0 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: IBM Robotic Process Automation is vunerable to cross-site scripting through Prism.js (CVE-2022-23647)
Summary Security Bulletin: IBM Robotic Process Automation is vunerable to cross-site scripting through Prism.js CVE-2022-23647 Vulnerability Details CVEID: CVE-2022-23647 DESCRIPTION: Prism.js Prism is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
CVE-2022-23647
A Cross-site scripting attack was found in Prism. The command-line plugin did not properly escape its output. This issue leads to the input text being inserted into the Document Object Model DOM as HTML code, which can be exploited by an attacker...
CVE-2022-23647
creationtimestamp| type| source ---|---|--- 2022-02-18 18:38:13+00:00| seen| https://t.me/cibsecurity/37707...
CVE-2022-23647
Prism.js Prism (command line plugin) is vulnerable to cross-site scripting due to improper escaping when output is inserted into the DOM. Affected versions: prior to 1.27.0 (1.14.0–1.26.x). The vulnerability does not affect Prism’s server-side usage or sites not using the Command Line plugin. The...
CVE-2022-23647 Cross-site Scripting in Prism
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...
CVE-2022-23647
Prism is a syntax highlighting library. Starting with version 1.14.0 and prior to version 1.27.0, Prism's command line plugin can be used by attackers to achieve a cross-site scripting attack. The command line plugin did not properly escape its output, leading to the input text being inserted int...