GHSA-57J2-W4CX-62H2 Deeply nested json in jackson-databind

jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects...

Code Injection in jackson-databind

This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource aka Anteros-DBCP...

ckeditor4 vulnerable to cross-site scripting

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

GHSA-RGX6-RJJ4-C388 ckeditor4 vulnerable to cross-site scripting

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

ckeditor4 vulnerable to cross-site scripting

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

CKEditor 4.0 < 4.16.1 XSS Vulnerability - Linux

CKEditor is prone to a cross-site scripting XSS vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

DEBIAN-CVE-2021-33829

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

Cross site scripting

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

UBUNTU-CVE-2021-33829

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

CVE-2021-33829

CKEditor 4.x contains a cross-site scripting vulnerability in the HTML Data Processor (affected versions: 4.14.0–4.16.x prior to 4.16.1) where a crafted comment can cause execution of injected JavaScript due to mishandling of --!&gt;. The issue enables remote XSS and is fixed in CKEditor 4.16.1 (...

CVE-2021-33829

A cross-site scripting XSS vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled...

CKEditor 跨站脚本漏洞

CKEditor is an open source, web-based text editor. CKEditor suffers from a cross-site scripting vulnerability that stems from improper handling of input data in the HTML data processor. A remote attacker can inject executable JavaScript code via a crafted comment. The following products and model...

PT-2021-4279

Name of the Vulnerable Software and Affected Versions CKEditor 4 versions 4.14.0 through 4.16.x Description A cross-site scripting XSS vulnerability in the HTML Data Processor allows remote attackers to inject executable JavaScript code through a crafted comment because --! is mishandled. This...

CKEditor 4.0 vulnerability in the HTML Data Processor

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

GHSA-VCJF-MGCG-JXJQ CKEditor 4.0 vulnerability in the HTML Data Processor

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

CKEditor 4.0 vulnerability in the HTML Data Processor

A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14.0 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...

[SECURITY] Fedora 32 Update: jackson-databind-2.10.5.1-1.fc32

The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

libquartz: XXE attacks via job description

The Terracotta Quartz Scheduler is susceptible to an XML external entity attack XXE through a job description. This issue stems from inadequate handling of XML external entity XXE declarations in the initDocumentParser function within xml/XMLSchedulingDataProcessor.java. By enticing a victim to...

Cross-site Scripting (XSS)

ckeditor4 is vulnerable to cross-site scripting XSS. The attack exists because HTML Data Processor does not discard the comment with ckeprotected syntax, allowing an attacker to inject malicious script with that syntax...