4 matches found
CVE-2026-55437 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component
Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...
GHSA-V358-RVXR-WFFX Silverstripe XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1. a crafted string to the AbsoluteLinks 1. BigSummary 1. ContextSummary 1. EscapeXML 1. FirstParagraph 1. FirstSentence 1...
Silverstripe XSS Vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via 1. a crafted string to the AbsoluteLinks 1. BigSummary 1. ContextSummary 1. EscapeXML 1. FirstParagraph 1. FirstSentence 1...
GeneralUtil.escapeForHtmlAttribute does not completely escape the given input for use in an html attribute context
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29826. panel GeneralUtil.escapeForHtmlAttribute only escapes " and it does not escape ' . Furthermore, the method does not html...