12 matches found
EUVD-2023-43774
Malicious code in bioql PyPI...
EUVD-2024-3369
Malicious code in bioql PyPI...
Cross-site Scripting (XSS)
Overview: panel is a powerful data exploration & web app framework for Python. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to missing HTML escaping in authentication templates. The errormessage variable in the basiclogin.html template and the error/errormsg...
CVE-2024-53262 Unescaped error message included on error page in SvelteKit
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contai...
PT-2024-35700 · Sveltekit · Sveltekit
Name of the Vulnerable Software and Affected Versions: SvelteKit versions prior to 2.8.3. Description: The static error.html template for errors in SvelteKit contains placeholders that are replaced without escaping the content first. This leads to possible injection if an app explicitly creates an...
Cross-site Scripting (XSS)
Thelia is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization within the error.html template which allows an attacker to inject and execute malicious scripts...
PT-2024-40486 · Thelia · Thelia
Name of the Vulnerable Software and Affected Versions: Thelia versions 2.1.0 through 2.1.1. Description: The BackOffice of Thelia has a cross-site scripting issue in the error.html template. This issue is resolved in version 2.1.2. Recommendations: For Thelia versions 2.1.0 and 2.1.1, update to...
CVE-2023-3085
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument requestpath leads ...
Cross site scripting
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument requestpath leads ...
CVE-2023-3085 X-WRT luci 404 Error Template dispatcher.uc run_action cross site scripting
A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument requestpath leads ...
Cross-Site Scripting (XSS)
flow-server is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript in a user's browser via the error template...
yet more XSS in older versions of ColdFusion
This only affects ColdFusion versions 5 and below. It does not affect CFMX. This is similar to previously reported XSS issues with CF, but not identical to any that I have seen reported. Cold Fusion has a "feature" that allows a developer to add validation to HTML forms by using specially named...