7 matches found
EUVD-2023-1419
Malicious code in bioql PyPI...
CVE-2024-22048
govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...
CVE-2024-22048
govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...
Cross site scripting
govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...
CVE-2024-22048 govuk_tech_docs XSS Vulnerability
govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...
CVE-2024-22048
CVE-2024-22048 affects govuk_tech_docs up to 3.3.1, with versions 2.0.2–3.3.0 vulnerable to a cross-site scripting (XSS) flaw in the search results page. The root cause is unescaped HTML rendered in search results, enabling malicious JavaScript to execute in a user’s browser when a crafted result...
Cross-Site Scripting (XSS)
govuk_tech_docs is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in HTML "snippet" elements indexed in the search, which allows an attacker to inject and execute arbitrary JavaScript into the browser...