Lucene search

7 matches found

OSV
added 2024/06/07 8:50 p.m., 9 views

GHSA-5GMF-3C43-Q73V ZendFramework vulnerable to Cross-site Scripting

Zend\Debug, Zend\Feed\PubSubHubbub, Zend\Log\Formatter\Xml, Zend\Tag\Cloud\Decorator, Zend\Uri, Zend\View\Helper\HeadStyle, Zend\View\Helper\Navigation\Sitemap, and Zend\View\Helper\Placeholder\Container\AbstractStandalone were not using Zend\Escaper when escaping HTML, HTML attributes, and/or...

6.1 CVSS | 6.2 AI score
Exploits 0 | References 11
OSV
added 2018/11/15 3:59 p.m., 24 views

GHSA-5R2P-J47H-MHPG Rack vulnerable to Cross-site Scripting

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1 CVSS | 6.1 AI score | 0.01816 EPSS
Exploits 0 | References 9
Github Security Blog
added 2018/11/15 3:59 p.m., 25 views

Rack vulnerable to Cross-site Scripting

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1 CVSS | 6 AI score | 0.01816 EPSS
Exploits 0 | References 9 | Affected Software 1
OSV
added 2018/11/13 11:29 p.m., 25 views

CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1 CVSS | 5.9 AI score
Exploits 0 | References 5
Cvelist
added 2018/11/13 11:0 p.m., 35 views

CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1 AI score | 0.01816 EPSS
Exploits 0 | References 5
Debian CVE
added 2018/11/13 11:0 p.m., 22 views

CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1 CVSS | 6.3 AI score | 0.01816 EPSS
Exploits 0
UbuntuCve
added 2018/11/13 12:0 a.m., 39 views

CVE-2018-16471

There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the scheme method on Rack::Request. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an...

6.1 CVSS | 6.7 AI score | 0.01816 EPSS
Exploits 0 | References 2