@grackle-ai/server: Unescaped Error String in renderPairingPage() HTML Template

Impact The renderPairingPage function embeds the error parameter directly into HTML without escaping: typescript const errorHtml = error ? $error : ""; All current call sites pass hardcoded strings, so this is not exploitable today. However, the function is architecturally fragile — if a future...

Cross-site Scripting (XSS)

Overview league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the DisallowedRawHtml extension when a newline, tab, or...

Cross-site Scripting (XSS)

Overview org.webjars.npm:pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplyi...

GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...

EUVD-2022-42701

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-17470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a...

CVE-2024-9427 Koji: escape html tag characters in the query string

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization in |markdown filter. An attacker to inject arbitrary JS into the page, by entering Markdown and then renders it with this filter. Note: Filters that use issafe need to make sure the...

CVE-2023-2136

Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

Denial Of Service (DoS)

chromium is vulnerable to denial of service. The vulnerability exists due to the heap buffer overflow in GPU in the library, allowing an attacker to perform a sandbox escape via a crafted HTML page, leading to an application crash...

ruby: buffer overflow in CGI.escape_html

A flaw was found in the ruby. This issue occurs due to improper bounds checking by a buffer overrun in CGI.escapehtml. By sending an overly long string using the sizet parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system...

ruby: buffer overflow in CGI.escape_html

A flaw was found in the ruby. This issue occurs due to improper bounds checking by a buffer overrun in CGI.escapehtml. By sending an overly long string using the sizet parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system...

CVE-2022-0452

Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page...

ALPINE-CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

DEBIAN-CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

UBUNTU-CVE-2021-41816

CGI.escapehtml in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms such as Windows where sizet and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby...

Buffer Overflow

Overview cgi is a Support for the Common Gateway Interface protocol. Affected versions of this package are vulnerable to Buffer Overflow when a very large string 700 MB is passed to CGI.escapehtml on a platform where long type takes 4 bytes. Remediation Upgrade cgi to version 0.3.1, 0.2.1, 0.1.1 ...

Ruby 输入验证错误漏洞

Ruby is a cross-platform, object-oriented, dynamically typed programming language from the personal developer Yukihiro Matsumoto. buffer overflow vulnerability exists in versions prior to Ruby 3.0.3, which stems from a buffer overflow string 700 MB to CGI.escapehtml when passing very large data. ...

Cross-site Scripting (XSS)

Overview bootstrap-table is an extended table to integration with some of the most widely used CSS frameworks. Supports Bootstrap, Semantic UI, Bulma, Material Design, Foundation, Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A type confusion vulnerability...