Github Security Blog
added 2026/06/15 7:56 p.m. · 16 views

DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks. CWE: CWE-79 XSS (Improper Neutralization of Input During Web Page Generation) via CWE-693 Protection Mechanism Failure (realm-bound `instanceof` checks fail-open on foreign-realm DOM nodes) and CWE-50...

AI score 5.8 · EPSS 0.00055
Exploits 0 · References 2 · Affected Software 1
Snyk
added 2026/06/12 10:09 p.m. · 5 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to incomplete validation of URI schemes in attributes such as `action`, `formaction`, `data`, `poster`, and `background`. An attacker can execute arbitrary scripts in the context of the user's browser by injecting a crafted...

CVSS 5.4 · AI score 5.3 · EPSS 0.00136
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 4:22 a.m. · 4 views

SUSE CVE-2018-18690

In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because `xfs_attr_shortform_addname` in `fs/xfs/libxfs/xfs_attr.c`...

CVSS 5.5 · AI score 6.1 · EPSS 0.00683
Exploits 1 · References 10
Veracode
added 2022/06/24 4:07 a.m. · 109 views

Cross-site Scripting (XSS)

Tomcat is vulnerable to cross-site scripting. The vulnerability exists because the user-provided `name`, `value`, and `type` form attributes are not filtered before being displayed on the web page, allowing an attacker to inject and execute malicious JavaScript...

CVSS 6.1 · AI score 6.4 · EPSS 0.06156
Exploits 0 · References 13 · Affected Software 2
Snyk
added 2021/01/08 9:57 a.m. · 1 view

Cross-site Scripting (XSS)

Overview: spoon/library is a PHP5 library used to build web applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via `getAttributesHTML` in `library/spoon/form/attributes.php` due to lack of sanitization. In an affected application, an attacker could insert XSS...

CVSS 7.1 · AI score 5.2
Exploits 0 · References 3
OSV
added 2020/05/06 4:43 p.m. · 3 views

DRUPAL-CONTRIB-2020-011

This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element property attributes when a webform is being edited. A malicious user could craft such an attribute (`element_validate`, for example) that would invoke execution of undesired P...

AI score 6.8
Exploits 0 · References 1
Drupal
added 2019/02/13 12:00 a.m. · 17 views

Focal Point - Moderately critical - Cross site scripting - SA-CONTRIB-2019-015

This module enables a privileged user to specify the important part of an image for the purposes of cropping. The module doesn't sufficiently sanitize certain form element attributes when the focal point widget is displayed on a form. This vulnerability is mitigated by the fact that an attacker...

AI score 6.4
Exploits 0 · References 6
OSV
added 2019/01/30 10:29 p.m. · 3 views

CVE-2018-3956

An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when...

CVSS 7.1 · AI score 5.6 · EPSS 0.49566
Exploits 1 · References 1
Positive Technologies
added 2019/01/30 12:00 a.m. · 4 views

PT-2019-10730 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit Software's PDF Reader version 9.1.0.5096 Description: The issue is related to the handling of certain XFA element attributes, which can lead to an out-of-bounds read when a specially crafted PDF document is opened. This can result in th...

CVSS 7.1 · AI score 6.4 · EPSS 0.49566
Exploits 1 · References 2
Nmap
added 2013/08/23 2:08 a.m. · 1280 views

http-csrf NSE Script

This script detects Cross-Site Request Forgery (CSRF) vulnerabilities. It tries to detect them by checking whether each form contains an unpredictable per-user token. Without one, an attacker may forge malicious requests. To recognize a token in a form, the script iterates through the...

CVSS 10 · EPSS 0.99448
Exploits 33