Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of object names in the GetArtifactFile function. An attacker can execute arbitrary JavaScript in another user's browser by crafting malicious workflows that produce an HTML artifact enabling...
CVE-2025-67843
Mintlify Platform is affected by a Server-Side Template Injection (SSTI) in its MDX Rendering Engine prior to 2025-11-15. The vulnerability allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file. Affected component: MDX Rendering Engine in Mintlify Platform (p...
EUVD-2024-32755
Malicious code in bioql PyPI...
EUVD-2025-8410
Malicious code in bioql PyPI...
EUVD-2024-32761
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-0811
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of...
Rails Ruby on Rails Path Traversal Vulnerability
Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to render file: can cause arbitrary files on the target server to be rendered, disclosing the file contents...
CVE-2021-22951
Unauthorized individuals could view password protected files using viewinline in Concrete CMS (previously concrete5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations...
CVE-2025-0811
Removed by vendor...
UBUNTU-CVE-2025-0314
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting...
GitLab Cross-Site Scripting Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A cross-site scripting vulnerability exists in GitLab CE/EE, which stems from...
GHSA-7M8G-FPRR-47FX phpMyFAQ vulnerable to stored XSS on attachments filename
Summary: Unsafe echo of the filename in phpMyFAQ\phpmyfaq\admin\attachments.php allows execution of JavaScript code on the client side (stored XSS). Details: In the snippet of code that renders the file attachments from user tables: id ?" title="thema ?" id ? filename ? recordlang ? filesize ? mimetype ? The data...
Cross site scripting
All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS): when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered...
CVE-2023-26146
CVE-2023-26146 affects the library ithewei/libhv (all versions per PT-2023-20524) with a Cross-site Scripting (XSS) flaw that occurs when a file name containing a malicious payload is served and rendered without proper sanitization. The underlying issue is insufficient sanitization of filenames, ...
GHSA-64Q9-F38H-9MWX Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
Protection Mechanism Failure in Jenkins Doktor Plugin
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
CVE-2022-25204
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...
Code injection
Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists...