50 matches found
EUVD-2024-39142
Malicious code in bioql PyPI...
EUVD-2024-42514
Malicious code in bioql PyPI...
EUVD-2024-39138
Malicious code in bioql PyPI...
CVE-2024-41697
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-41697
CVE-2024-41697 corresponds to a Basic XSS (CWE-80) vulnerability with CVSS v3.1 metrics: Network attack vector, low attack complexity, no privileges required, user interaction required, and scope changed. Exploitation status is not indicated in the provided documents; the impact is limited to con...
CVE-2024-41697 Priority – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-41693
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-41693 Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-41693 Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-41693
Mashov (an Israeli instructional management system) has a Cross-Site Scripting (XSS) flaw: CWE-80 due to improper neutralization of script-related HTML tags in web pages. The CVE-2024-41693 entry notes a basic XSS risk with CVSSv3.1 base score 6.1 (NETWORK, UI required, no privileges, changed sco...
CVE-2024-36395 Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS...
CVE-2024-36395
Verint Workforce Optimization (WFO) is affected by a cross-site scripting (XSS) vulnerability (CWE-80) caused by improper neutralization of script-related HTML tags in web pages. The CNNVD entry cites Verint WFO version 15.2.918.262 as affected. Root cause: improper HTML/script tag handling. Impa...
GHSA-CMH9-RX85-XJ38 XSS sidekiq-unique-jobs UI server vulnerability
Summary Cross site scripting XSS potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...
XSS sidekiq-unique-jobs UI server vulnerability
Summary Cross site scripting XSS potentially exposing cookies / sessions / localStorage, fixed by sidekiq-unique-jobs v8.0.7. Specifically, this is a Reflected Server-Side, Non-Self, Cross Site Scripting vulnerability, considered a P3 on the BugCrowd taxonomy with the following categorization:...
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Impact The Validator.isValidSafeHTML method can result in false negatives where it reports some input as safe i.e., returns true, but really isn't, and using that same input as-is can in certain circumstances result in XSS vulnerabilities. Because this method cannot be fixed, it is being deprecat...
Protect
An improper neutralization of script-related HTML tags in a web page vulnerability CWE-80 in FortiOS may allow a remote authenticated attacker to inject script related HTML tags via the SAML and Security Fabric components...
CVE-2022-35850
An improper neutralization of script-related HTML tags in a web page vulnerability CWE-80 in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting XSS attack via the...
Cross site scripting
An improper neutralization of script-related HTML tags in a web page vulnerability CWE-80 in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting XSS attack via the...
CVE-2022-35850
An improper neutralization of script-related HTML tags in a web page vulnerability CWE-80 in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting XSS attack via the...
CVE-2022-35850
An improper neutralization of script-related HTML tags in a web page vulnerability CWE-80 in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting XSS attack via the...