477 matches found
CVE-2017-6927
Removed by vendor...
CVE-2017-6927
Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 has a Drupal.checkPlain JavaScript function which is used to escape potentially dangerous text before outputting it to HTML as JavaScript output does not typically go through Twig autoescaping. This function does not correctly...
MyBB 1.8.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an...
MyBB 1.8.13 - Cross-Site Scripting
MyBB 1.8.13 - Cross-Site Scripting Exploit Title: XSS in MyBB up to 1.8.13 via installer Date: Found on 05-29-2017 Exploit Author: Pablo Sacristan Vendor Homepage: https://mybb.com/ Version: Version 1.8.13 Fixed in 1.8.13 CVE : CVE-2017-16781 No HTML escaping when returning an $error in...
Foreman 1.2 < 1.16.0 XSS Vulnerability
Foreman is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:theforeman:foreman"; if...
PYSEC-2017-44
In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn't affect most production sites since you...
PT-2017-3841
Name of the Vulnerable Software and Affected Versions Django versions 1.10.x through 1.10.7 Django versions 1.11.x through 1.11.4 Description The issue is related to the disabling of HTML autoescaping in a portion of the template for the technical 500 debug page in Django. This could allow a...
Cross-site Scripting (XSS)
github.com/revel/revel is vulnerable to cross-site scripting XSS attacks. It does not perform HTML escaping of string arguments...
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
alert1" !-- In a real attack, forms can be submitted automatically and spear-phishing attacks can be convincing. Mitigations ================ Disable the plugin until a new version is released that fixes this bug. Disclosure policy ================ dxw believes in responsible disclosure. Your...
Cross-site Scripting
console-common is vulnerable to cross-site scripting XSS attacks. They are possible because it does not perform HTML escaping properly...
Cross-Site Scripting
Overview Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting. Recommendation Update to version 1.3.0 or later. References - Commit bc01e53 - GitHub Advisory...
Uber: HTML Escaping Error in the 404 Page on developer.uber.com/docs/
There is a non-exploitable HTML escaping error in the 404 page on developer.uber.com. When loading https://developer.uber.com/docs/test'test, the following HTML is rendered: html logging in Note that the injected ' is rendered in the HTML as a closing " that closes the href= section. Sadly, I hav...
Vaadin Framework 7.0.0 - 7.3.6 XSS Vulnerability
Vaadin Framework is prone to a cross-site scripting XSS vulnerability because the application fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...
GLSA-201406-06 : Mumble: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201406-06 Mumble: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mumble: A crafted length prefix value can trigger a heap-based buffer overflow or NULL pointer dereference in the...
OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...
OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...
OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...
OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...
java security update
CentOS Errata and Security Advisory CESA-2013:1505 Updated java-1.6.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scorin...
OpenJDK: insufficient html escaping in jhat (jhat, 8011081)
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat...