15 matches found
Cross-site Scripting (XSS)
zendframework/zendframework is vulnerable to Cross-site Scripting XSS. The vulnerability is due to view helpers using escapeHtml instead of escapeHtmlAttr to escape HTML attributes, which can lead to potential XSS attack vectors when user data or JavaScript is used...
Zend-Form vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
GHSA-8Q77-CV62-JJ38 Zendframework has potential Cross-site Scripting vector in multiple view helpers
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
Cross-site Scripting (XSS)
Overview: toastr is a JavaScript library for non-blocking notifications. jQuery is required. The goal is to create a simple core library that can be customized and extended. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the missing sanitization of message and...
Reflected XSS vectors in laminas/laminas-form
The package laminas/laminas-form contains a laminas/laminas-view view helper for emitting form element, fieldset, and/or form validation errors, formElementError. Validation messages can contain the original input, potentially resulting in a Reflected XSS vulnerability. Affected versions...
Cross-site Scripting in bootstrap-table
This affects all versions of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string even if the escape attribute is set...
CVE-2021-23472
This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string even if the escape attribute is set...
UBUNTU-CVE-2021-23472
This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string even if the escape attribute is set...
Type confusion
This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string even if the escape attribute is set...
PT-2021-5669 · Unknown · Bootstrap-Table
Name of the Vulnerable Software and Affected Versions: bootstrap-table versions prior to 1.19.1 Description: A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an array instead of a string even if the escape attribute is...
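Added example, not bootstrap-table's own code, of the type-confusion pattern the entries above describe: an escaper guarded by typeof s === 'string' returns any other value untouched, and when the caller concatenates that value into markup an array is stringified by join(',') and its raw HTML lands in the page. The function names, the renderCell helper and the array payload are constructed for this example.

```javascript
// Added example, not bootstrap-table's code: a typeof guard in an HTML escaper
// becomes a sanitisation bypass once a non-string value reaches it.

const ENTITY = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function replaceEntities(str) {
  return str.replace(/[&<>"']/g, (ch) => ENTITY[ch]);
}

// Vulnerable pattern: only strings are escaped; everything else is passed
// through unchanged on the assumption that it is a number or boolean.
function escapeHTMLVulnerable(value) {
  return typeof value === 'string' ? replaceEntities(value) : value;
}

// Hardened: escape arrays element by element and coerce any other non-null
// value to a string before escaping, so nothing reaches the markup raw.
function escapeHTMLFixed(value) {
  if (Array.isArray(value)) return value.map(escapeHTMLFixed);
  if (value === null || value === undefined) return '';
  return replaceEntities(String(value));
}

// A cell renderer that, like a table library with its escape option on,
// concatenates the escaped value into markup. String concatenation invokes
// Array.prototype.toString, i.e. join(','), on an array value, so whatever
// the escaper let through as an array is written out verbatim.
function renderCell(value, escape) {
  return '<td>' + escape(value) + '</td>';
}

// Constructed row data: a field that arrived as an array instead of a string,
// for instance from a query string parsed as ?name[]=... or from JSON input.
const arrayPayload = ['<img src=x onerror=alert(1)>'];

console.log(renderCell(arrayPayload, escapeHTMLVulnerable)); // raw <img ...> tag
console.log(renderCell(arrayPayload, escapeHTMLFixed));      // entity-encoded
```

The fix is less about arrays specifically than about the escaper never being allowed to return its input unchanged: any value that is not a string is either coerced and escaped or rejected, and callers should treat a schema violation (array where a string was expected) as an error rather than trusting the escaper to cope.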
Haml cross-site scripting vulnerability (CNVD-2021-47372)
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
GHSA-M7MF-VM62-7X3Q Insecure template handling in haml-coffee
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
Remote Code Execution
haml-coffee is vulnerable to remote code execution. A remote attacker is able to execute arbitrary code in downstream applications via the customHtmlEscape parameter. Additionally, control over the escapeHtml parameter allows an attacker to perform cross-site scripting attacks...
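Added example, not haml-coffee's own code, showing the two mistakes the haml-coffee entries above describe in a toy template compiler: engine options and template data arriving through one object, the way an Express-style render call hands everything to the engine, and an option naming the escape helper being spliced into generated JavaScript source as text. The real haml-coffee code generation differs; the functions generateBody, renderVulnerable and renderFixed, the globalThis.templateRce marker and the attacker input are constructed for this example.

```javascript
// Added example, not haml-coffee's code: a toy compiler that turns
// 'Hello, #{name}!' into a JavaScript function, with and without letting a
// user-supplied option become part of the generated source.

function escapeHtml(s) {
  return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;')
    .replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}

// Generates:  return "Hello, " + ESC(data.name) + "!"
// where ESC is whatever text the caller hands in as escExpr.
function generateBody(template, escExpr) {
  return 'return ' + JSON.stringify(template).replace(
    /#\{(\w+)\}/g, (_, key) => '" + ' + escExpr + '(data.' + key + ') + "');
}

// Vulnerable: one `locals` object carries both the data and the engine
// options, so a request parameter named customHtmlEscape is interpolated
// into the compiled template as code, not used as data.
function renderVulnerable(template, locals) {
  const escExpr = locals.customHtmlEscape || 'escapeHtml';
  const fn = new Function('escapeHtml', 'data', generateBody(template, escExpr));
  return fn(escapeHtml, locals);
}

// Hardened: options are a separate argument under the application's control,
// the escaper must be a real function, and it reaches the compiled code by
// reference through a fixed parameter name, never as source text.
function renderFixed(template, data, options = {}) {
  const esc = typeof options.customHtmlEscape === 'function'
    ? options.customHtmlEscape : escapeHtml;
  const fn = new Function('esc', 'data', generateBody(template, 'esc'));
  return fn(esc, data);
}

// Constructed attacker input: an expression that sets a marker on the global
// object and then evaluates to the genuine escaper, so the page still renders
// normally and nothing looks wrong to the user.
const attackerLocals = {
  name: '<b>Mallory</b>',
  customHtmlEscape: '(globalThis.templateRce = true, escapeHtml)',
};

console.log(renderVulnerable('Hello, #{name}!', attackerLocals), globalThis.templateRce);
delete globalThis.templateRce;
console.log(renderFixed('Hello, #{name}!', attackerLocals), globalThis.templateRce);
```

The rendered output is identical in both cases, which is what makes this class of bug easy to miss in testing: the difference is only visible in the side effect of the injected expression. Keeping request-derived values out of the options object is the structural fix; validating customHtmlEscape as a function rather than a string is the defence in depth.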
A stored XSS in Coremail
Brief description: an escape is done the wrong way somewhere. Details: in the current code, the sender element is built as follows: function getEmailDiv(emailAddress) { return '' ... } So what is escapeHTML? function () { var div = document.createElement("div"); var text = document.createTextNode(this); div.appendChild(text); return div.innerHTML; } This kind of filtering does not escape single or double quotes, so a specially crafted string can break out of the double-quoted attribute. Proof of vulnerability: the simplest way to trigger it is to use an onmousexx...
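Added example, not Coremail's, Zend Framework's or Laminas's own code, tying the Coremail report above to the escapeHtml-versus-escapeHtmlAttr entries at the top of the list: an escaper that only neutralises &, < and > is adequate for text content but not for attribute values, and an attribute-context escaper closes the gap. textNodeInnerHtml emulates what div.innerHTML returns for an appended text node, since this runs under Node without a DOM; escapeHtmlAttr follows the encode-everything-but-alphanumerics approach used by Laminas\Escaper. The payload, the sender markup in buildSenderDiv and the hasInjectedHandler check are constructed for this example.

```javascript
// Added example, not Coremail's or Zend/Laminas code: an escaper written for
// text content versus one written for attribute values.

// Emulates what a browser's div.innerHTML returns after appending a text node.
// The HTML fragment serialiser escapes only & < > (and U+00A0) in text nodes;
// single and double quotes pass through untouched. (Emulation: no DOM in Node.)
function textNodeInnerHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/\u00a0/g, '&nbsp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Attribute-context escaper in the style of Laminas\Escaper::escapeHtmlAttr:
// every character outside [A-Za-z0-9,.\-_] becomes a numeric entity, so the
// value can neither close a quoted attribute nor, in an unquoted attribute,
// introduce whitespace or '=' to start a new one.
function escapeHtmlAttr(s) {
  return String(s).replace(/[^A-Za-z0-9,.\-_]/g, (ch) => {
    const code = ch.charCodeAt(0);
    const hex = code.toString(16).toUpperCase();
    return '&#x' + hex.padStart(code < 0x100 ? 2 : 4, '0') + ';';
  });
}

// The sender <div> from the Coremail report, rebuilt for the example: the
// address goes into a double-quoted title attribute and into the text content.
function buildSenderDiv(emailAddress, escaper) {
  const e = escaper(emailAddress);
  return '<div class="sender" title="' + e + '">' + e + '</div>';
}

// Crude detector for the report's trigger: an on* event-handler attribute
// that the template itself never emits.
function hasInjectedHandler(html) {
  return /\son[a-z]+\s*=/i.test(html);
}

// Constructed payload: closes the title attribute and adds a mouse handler.
const payload = 'a@example.com" onmouseover="alert(1)';

console.log(buildSenderDiv(payload, textNodeInnerHtml));
// <div class="sender" title="a@example.com" onmouseover="alert(1)">a@example.com" onmouseover="alert(1)</div>
console.log(buildSenderDiv(payload, escapeHtmlAttr));
// <div class="sender" title="a&#x40;example.com&#x22;&#x20;onmouseover&#x3D;&#x22;alert&#x28;1&#x29;">a&#x40;example.com&#x22;&#x20;onmouseover&#x3D;&#x22;alert&#x28;1&#x29;</div>
```

The text-node serialisation is not wrong as such; it is the correct encoding for the text child of the div. The bug in both the Coremail code and the Zend helpers is reusing a text-context escaper for an attribute, where the quote character is the delimiter that matters. Pick the escaper by the output context, not by the input.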