Lucene search

59 matches found

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-4443

Malicious code in bioql PyPI...

8.6 CVSS, 7.5 AI score, 0.00107 EPSS
Exploits 0, References 33

RedhatCVE
added 2025/05/22 4:19 p.m., 5 views

CVE-2020-13980

OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you...

5.4 CVSS, 5.6 AI score, 0.01247 EPSS
Exploits 5

OSV
added 2023/10/05 8:18 p.m., 1 view

CLSA-2023-1696537106 libxml2: Fix of 5 CVEs

CVE-2021-3517: fix flaw in the xml entity encoding - CVE-2021-3518: fix dangling pointers in entity reference nodes - CVE-2022-23308: fix use-after-free of ID and IDREF attributes - CVE-2022-40303: fix integer counters overflow when parsing a multi-gigabyte XML - CVE-2022-40304: fix double free...

8.8 CVSS, 6.9 AI score, 0.0025 EPSS
Exploits 2, References 1

Tenable Nessus
added 2023/05/04 12:0 a.m., 27 views

Amazon Linux AMI : libxml2 (ALAS-2023-1743)

The version of libxml2 installed on the remote host is prior to 2.9.1-6.6.42. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1743 advisory. parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the...

9.8 CVSS, 7.5 AI score, 0.01443 EPSS
Exploits 8, References 28

CNNVD
added 2023/02/24 12:0 a.m., 2 views

Braintree sanitize-url cross-site scripting vulnerability

Braintree sanitize-url is an open source URL cleanup from Braintree USA. A security vulnerability exists in Braintree sanitize-url prior to version 6.0.2, which stems from allowing XSS attacks via HTML entities...

6.1 CVSS, 7 AI score, 0.00585 EPSS
Exploits 0, References 3

Huntr
added 2023/01/30 1:39 p.m., 8 views

XSS caused by sending information between users

Description: The forum allows users to send information. Although the script tag cannot be used, the img tag can also cause XSS. And the program can bypass the filtering of the "cookie" string by means of entity encoding. Video link: You can watch my video through this link first. link...

0.2 AI score
Exploits 0

Tenable Nessus
added 2023/01/30 12:0 a.m., 35 views

EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2023-1271)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There's a flaw in libxml2's xmllint in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed ...

8.8 CVSS, 7.1 AI score, 0.00381 EPSS
Exploits 1, References 7

Tenable Nessus
added 2023/01/04 12:0 a.m., 32 views

Amazon Linux 2 : libxml2 (ALAS-2021-1662)

The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1662 advisory. GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at...

8.6 CVSS, 7.5 AI score, 0.00697 EPSS
Exploits 1, References 7

OSV
added 2022/05/24 5:19 p.m., 13 views

GHSA-P9QW-FH38-X37F OpenCart Cross-site Scripting

OpenCart 3.0.3.3 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section because of a lack of entity encoding. NOTE: this issue exists because of an incomplete fix for CVE-2020-10596. The vendor states "this is not a massive issue as you...

4.8 CVSS, 4.8 AI score, 0.00252 EPSS
Exploits 4, References 4

RubySec
added 2022/05/24 12:0 a.m., 27 views

Nokogiri contains libxml Out-of-bounds Write vulnerability

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

8.6 CVSS, 6.6 AI score, 0.00107 EPSS
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2021/10/25 12:0 a.m., 194 views

Azul Zulu Java Multiple Vulnerabilities (2021-10-19)

The version of Azul Zulu installed on the remote host is prior to 6 6.43 / 7 7.49.0.14 / 8 8.57.0.14 / 11 11.51.16 / 13 13.43.12 / 15 15.35.12 / 17 17.30.16. It is, therefore, affected by multiple vulnerabilities as referenced in the 2021-10-19 advisory. - There is a flaw in the xml entity encodi...

8.6 CVSS, 6.9 AI score, 0.00176 EPSS
Exploits 0, References 14

Tenable Nessus
added 2021/08/10 12:0 a.m., 53 views

EulerOS 2.0 SP8 : libxml2 (EulerOS-SA-2021-2306)

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this include...

8.8 CVSS, 7.1 AI score, 0.00381 EPSS
Exploits 1, References 6

Tenable Nessus
added 2021/07/02 12:0 a.m., 92 views

EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2021-2103)

According to the versions of the libxml2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML...

8.8 CVSS, 7.1 AI score, 0.0025 EPSS
Exploits 0, References 5

OSV
added 2021/06/28 6:15 p.m., 0 views

CVE-2020-20640

Cross Site Scripting XSS vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability...

6.1 CVSS, 5.8 AI score
Exploits 0, References 1

Prion
added 2021/06/28 6:15 p.m., 10 views

Cross site scripting

Cross Site Scripting XSS vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability...

4.3 CVSS, 6 AI score, 0.00168 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2021/06/28 5:29 p.m., 12 views

CVE-2020-20640

Cross Site Scripting XSS vulnerability in ECShop 4.0 due to security filtering issues, in the user.php file, we can use the html entity encoding to bypass the security policy of the safety.php file, triggering the xss vulnerability...

6.1 AI score, 0.00168 EPSS
Exploits 1, References 1

CVE
added 2021/06/28 5:29 p.m., 53 views

CVE-2020-20640

The CVE-2020-20640 entry describes a Cross Site Scripting (XSS) vulnerability in ECShop 4.0, triggered via the user.php file by bypassing the safety.php security policy through HTML entity encoding. The issue arises from security filtering gaps, enabling XSS (no full details on exploitation metho...

6.1 CVSS, 6 AI score, 0.00168 EPSS
Exploits 1, References 1, Affected Software 1

Amazon
added 2021/06/23 12:0 a.m., 86 views

Medium: libxml2

Issue Overview: GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. CVE-2020-24977 There is a flaw in the xml entity encoding functionality of libxml2. An attacker who is able to...

8.6 CVSS, 7.9 AI score, 0.00697 EPSS
Exploits 1

Microsoft CVE
added 2021/05/26 7:0 a.m., 4 views

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application.

...

8.6 CVSS, 7 AI score, 0.00107 EPSS
Exploits 0

OSV
added 2021/05/19 2:15 p.m., 26 views

CVE-2021-3517

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this...

8.6 CVSS, 4.7 AI score
Exploits 0, References 13