53 matches found
EUVD-2019-0713
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-1002201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like ' must be escaped properly. In this case,...
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
MAL-2025-3622 Malicious code in haml-jst-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0d8ca2db3fdc34877d4cbc9c4b109a713c2d744251b47b95621df2db46fc5fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in haml-jst-loader (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0d8ca2db3fdc34877d4cbc9c4b109a713c2d744251b47b95621df2db46fc5fd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
Cross-site Scripting (XSS)
Overview: oxidized-web is a puma+sinatra+haml webUI + REST API for oxidized. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input provided to the toresearch argument in web/views/confsearch.haml. Details: Cross-site scripting or XSS is a...
PT-2022-8300 · Unknown · Ytti Oxidized Web
Name of the Vulnerable Software and Affected Versions: ytti Oxidized Web affected versions not specified Description: A vulnerability was found in ytti Oxidized Web, classified as problematic. The issue affects an unknown function of the file lib/oxidized/web/views/conf search.haml. The...
Fedora: Security Advisory for golang-github-eknkc-amber (FEDORA-2022-ea8f4e232d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: golang-github-eknkc-amber-0-0.18.20190601gitcdade1c.fc36
Amber is an elegant templating engine for Go Programming Language. It is inspired from HAML and Jade...
[SECURITY] Fedora 35 Update: golang-github-eknkc-amber-0-0.17.20190601gitcdade1c.fc35
Amber is an elegant templating engine for Go Programming Language. It is inspired from HAML and Jade...
[SECURITY] Fedora 36 Update: golang-github-eknkc-amber-0-0.17.20190601gitcdade1c.fc36
Amber is an elegant templating engine for Go Programming Language. It is inspired from HAML and Jade...
Debian: Security Advisory (DLA-2864-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2864-1] ruby-haml security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2864-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta December 29, 2021 https://wiki.debian.org/LTS -...
DLA-2864-1 ruby-haml - security update
Bulletin has no description...
Debian DLA-2864-1 : ruby-haml - LTS security update
The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2864 advisory. - In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like ' must be escaped properly. In this case, the '...
Advisory ROSA-SA-2021-1966
Software: ruby 2.0.0.648 OS: Cobalt 7.9 CVE-ID: CVE-2012-6684 CVE-Crit: MEDIUM CVE-DESC: A cross-site scripting (XSS) vulnerability in the RedCloth 4.2.9 library for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. CVE-STATUS: default CVE-REV:...
Haml cross-site scripting vulnerability (CNVD-2021-47372)
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
Haml Cross-Site Scripting Vulnerability
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...