Lucene search
K

5 matches found

CNNVD
CNNVD
added 2026/05/08 12:0 a.m.13 views

Lightweight JSON text parser 安全漏洞

Lightweight JSON Text Parser is a lightweight JSON text parsing library developed by Tilen Majerle. Version 1.8.1 of Lightweight JSON Text Parser has a security vulnerability. This vulnerability stems from a logical error in the string termination detection mechanism of the streaming JSON parser,...

7.5CVSS5.8AI score0.00417EPSS
Exploits0References1
Hacker One
Hacker One
added 2025/12/20 11:55 a.m.16 views

curl: Functional Regression in Digest Authentication: Failure to handle optional spaces and escaped quotes

Summary A recent migration of the Digest authentication parsing logic to the curlxstr strparse API introduced two functional parsing regressions in lib/vauth/digest.c. 1. Optional Whitespace OWS Handling The current implementation fails to skip optional whitespace after comma delimiters in...

7.2AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/06/06 12:45 a.m.22 views

JStachio XSS vulnerability: Unescaped single quotes

Impact Description: JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. Reproduction Steps: Use the following template code: html Set the value variable to ' onblur='alert1. java public class Escaping public static void mainString args Model model = ne...

6.1CVSS7.3AI score0.00579EPSS
Exploits1References7Affected Software1
CNVD
CNVD
added 2022/06/01 12:0 a.m.14 views

WordPress Quotes llama plugin跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Quotes llama plugin 0.7 and earlier versions have a cross-site scripting vulnerability that...

4.8CVSS2.8AI score0.0064EPSS
Exploits2References1
wpexploit
wpexploit
added 2021/05/07 12:0 a.m.107 views

DSGVO All in one for WP < 4.0 - Unauthenticated Stored Cross-Site Scripting (XSS)

The dsgvoaiowritelog AJAX action of the plugin did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the administrator dashboard wp-admin/admin.php?page=dsgvoaiofree-show-log. This could allow unauthenticated attackers to gain unauthorised access by...

6.1CVSS0.7AI score0.01186EPSS
Exploits2References1
Rows per page
Query Builder