Lucene search
+L

477 matches found

Debian CVE
Debian CVE
added 2018/03/01 10:0 p.m.63 views

CVE-2017-6927

Removed by vendor...

6.1CVSS7.2AI score0.01644EPSS
Exploits0
Cvelist
Cvelist
added 2018/03/01 10:0 p.m.43 views

CVE-2017-6927

Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...

6.5AI score0.01644EPSS
Exploits0References4
0day.today
0day.today
added 2017/11/21 12:0 a.m.57 views

MyBB 1.8.13 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an...

3.5CVSS5.8AI score0.01581EPSS
Exploits4
exploitpack
exploitpack
added 2017/11/11 12:0 a.m.42 views

MyBB 1.8.13 - Cross-Site Scripting

MyBB 1.8.13 - Cross-Site Scripting Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an $error in...

3.5CVSS5.4AI score0.01581EPSS
Exploits4
OpenVAS
OpenVAS
added 2017/11/07 12:0 a.m.44 views

Foreman 1.2 < 1.16.0 XSS Vulnerability

Foreman is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:theforeman:foreman"; if...

6.1CVSS6.2AI score0.011EPSS
Exploits0References1
OSV
OSV
added 2017/09/07 1:29 p.m.2 views

PYSEC-2017-44

In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...

6.1CVSS6.7AI score0.23566EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2017/09/05 12:0 a.m.6 views

PT-2017-3841

Name of the Vulnerable Software and Affected Versions Django versions 1.10.x through 1.10.7 Django versions 1.11.x through 1.11.4 Description The issue is related to the disabling of HTML autoescaping in a portion of the template for the technical 500 debug page in Django. This could allow a...

6.4CVSS6.6AI score0.23566EPSS
Exploits0References149
Veracode
Veracode
added 2017/04/27 8:20 a.m.8 views

Cross-site Scripting (XSS)

github.com/revel/revel is vulnerable to cross-site scripting XSS attacks. It does not perform HTML escaping of string arguments...

5.7AI score
Exploits0
Exploit DB
Exploit DB
added 2017/04/07 12:0 a.m.49 views

WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting

alert1" !-- In a real attack, forms can be submitted automatically and spear-phishing attacks can be convincing. Mitigations ================ Disable the plugin until a new version is released that fixes this bug. Disclosure policy ================ dxw believes in responsible disclosure. Your...

7.4AI score
Exploits0
Veracode
Veracode
added 2017/03/24 8:19 a.m.40 views

Cross-site Scripting

console-common is vulnerable to cross-site scripting XSS attacks. They are possible because it does not perform HTML escaping properly...

5.8CVSS5.2AI score0.11515EPSS
Exploits0References15Affected Software1
Node.js
Node.js
added 2016/11/16 8:35 p.m.48 views

Cross-Site Scripting

Overview Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting. Recommendation Update to version 1.3.0 or later. References - Commit bc01e53 - GitHub Advisory...

4.3CVSS2.8AI score0.00848EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2016/03/22 8:50 p.m.9 views

Uber: HTML Escaping Error in the 404 Page on developer.uber.com/docs/

There is a non-exploitable HTML escaping error in the 404 page on developer.uber.com. When loading https://developer.uber.com/docs/test'test, the following HTML is rendered: html logging in Note that the injected ' is rendered in the HTML as a closing " that closes the href= section. Sadly, I hav...

7AI score
Exploits0
OpenVAS
OpenVAS
added 2015/01/22 12:0 a.m.20 views

Vaadin Framework 7.0.0 - 7.3.6 XSS Vulnerability

Vaadin Framework is prone to a cross-site scripting XSS vulnerability because the application fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

5.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/06/07 12:0 a.m.42 views

GLSA-201406-06 : Mumble: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201406-06 Mumble: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the...

7.5CVSS6.5AI score0.04025EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2014/04/17 11:30 a.m.5 views

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

2.6CVSS6.8AI score0.03756EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/12/05 5:32 p.m.6 views

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

2.6CVSS6.8AI score0.03756EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/11/07 4:47 p.m.4 views

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

2.6CVSS6.8AI score0.03756EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/11/07 4:45 p.m.7 views

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

2.6CVSS6.8AI score0.03756EPSS
Exploits0References5
Cent OS
Cent OS
added 2013/11/05 8:45 p.m.77 views

java security update

CentOS Errata and Security Advisory CESA-2013:1505 Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scorin...

10CVSS6.9AI score0.24738EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2013/11/05 5:58 p.m.11 views

OpenJDK: insufficient html escaping in jhat (jhat, 8011081)

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...

2.6CVSS6.8AI score0.03756EPSS
Exploits0References5
Rows per page
Query Builder