Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the escapeNodeAttributeValues process. An attacker can execute arbitrary operating system commands by crafting a malicious .sy.zip file containing specially formatted block attribute values, which, when...

Cross-site Scripting (XSS)

bootstrap-table is vulnerable to cross-site scripting. Lack of input sanitization in the escapeHTML function of index.js allows an attacker to inject and execute malicious javascript even if the escape attribute is set...

CVE-2020-15263

The CVE-2020-15263 entry describes an XSS vulnerability in the orchid/platform (and related variants) prior to version 9.4.4. The issue arises when inline attributes are not properly escaped, allowing cross-site scripting if user-provided data is not escaped. Affected versions range from 9.0.0 up...

DEBIAN-CVE-2006-0297

Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the 1 EscapeAttributeValue in jsxml.c for E4X, 2 nsSVGCairoSurface::Init in SVG, and 3...