4 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-1002201
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like ' must be escaped properly. In this case,...
CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
SUSE CVE-2017-1002201
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code...
Haml cross-site scripting vulnerability (CNVD-2021-47372)
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...