Lucene search
+L

263 matches found

OSV
OSV
added 2021/09/01 6:15 p.m.22 views

CVE-2021-34435

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...

8.8CVSS8.6AI score
Exploits0References1
Prion
Prion
added 2021/09/01 6:15 p.m.20 views

Design/Logic Flaw

In Eclipse Theia 0.3.9 to 1.8.1, the "mini-browser" extension allows a user to preview HTML files in an iframe inside the IDE. But with the way it is made it is possible for a previewed HTML file to trigger an RCE. This exploit only happens if a user previews a malicious file...

6.8CVSS8.5AI score0.00595EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2021/08/10 2:15 p.m.17 views

CVE-2021-37152

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...

5.4CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/08/10 2:15 p.m.3 views

CVE-2021-37152

Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications...

5.4CVSS6.2AI score0.24389EPSS
Exploits0References3
NVD
NVD
added 2020/11/25 3:15 a.m.26 views

CVE-2020-29071

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving...

9CVSS8.8AI score0.01639EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/11/25 2:48 a.m.29 views

CVE-2020-29071

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure rendering of HTML files uploaded to the platform as attachments, when the -htmlview URL is directly accessed. The impact ranges from executing commands as root on the server to retrieving...

8.8AI score0.01639EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/08/13 12:0 a.m.43 views

Amazon Linux AMI : libxml2 (ALAS-2020-1415)

The version of libxml2 installed on the remote host is prior to 2.9.1-6.4.40. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1415 advisory. A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval function of libxml2 through 2.9.8 wh...

8.8CVSS7.3AI score0.043EPSS
Exploits3References13
UbuntuCve
UbuntuCve
added 2020/03/16 3:15 p.m.27 views

CVE-2019-19210

Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files...

5.4CVSS6.1AI score0.00928EPSS
Exploits1References4
OSV
OSV
added 2020/03/16 3:15 p.m.4 views

UBUNTU-CVE-2019-19210

Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files...

5.4CVSS5.8AI score0.00928EPSS
Exploits1References5
NVD
NVD
added 2020/02/04 8:15 p.m.23 views

CVE-2019-15614

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...

5.4CVSS5AI score0.00783EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/02/04 7:8 p.m.26 views

CVE-2019-15614

Missing sanitization in the iOS App 2.24.4 causes an XSS when opening malicious HTML files...

5AI score0.00783EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/10/22 9:1 p.m.23 views

CVE-2015-9501

The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root...

6.1AI score0.00977EPSS
Exploits0References2
CNVD
CNVD
added 2019/09/06 12:0 a.m.5 views

Total.js CMS Path Traversal Vulnerability

Total.js CMS is a Node.js content management system. Total.js CMS 12.0.0 suffers from a path traversal vulnerability that can be exploited by an attacker to include .html files outside of a restricted directory...

8.8CVSS6.9AI score0.05119EPSS
Exploits1References1
CVE
CVE
added 2019/09/05 6:32 p.m.89 views

CVE-2019-15952

Total.js CMS 12.0.0 contains a path traversal vulnerability exploitable by an authenticated user with the Pages privilege to include outside-directory .html files. If a page contains a template directive, it is server-side processed, enabling an attacker who can control the content of a .html fil...

8.8CVSS8.8AI score0.05119EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2019/07/15 12:45 p.m.29 views

Mozilla: Same-origin policy treats all files in a directory as having the same-origin

A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same directory or sub-directories if the names are known or guessed. The Fetch API can then be used to read the contents of any files stored in these directories and...

6.5CVSS7.3AI score0.20271EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2019/06/28 12:0 a.m.25 views

Foxit PhantomPDF < 8.3.10, 9.x < 9.5 Multiple Vulnerabilities (Jun 2019) - Windows

Foxit PhantomPDF is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:phantompdf";...

7.8CVSS7AI score0.03484EPSS
Exploits0References1
Veracode
Veracode
added 2019/05/02 4:41 a.m.37 views

Information Disclosure

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS9.4AI score0.04899EPSS
Exploits1References12Affected Software3
Ubuntu
Ubuntu
added 2018/12/10 1:47 p.m.72 views

USN-3841-2: lxml vulnerability

USN-3841-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that lxml incorrectly handled certain HTML files. An attacker could possibly use this issue to conduct cross-site scripting XSS attacks...

6.1CVSS6.7AI score0.02438EPSS
Exploits1
OSV
OSV
added 2018/12/05 5:17 p.m.11 views

GHSA-7RR7-RCJW-56VJ Exposure of Sensitive Information to an Unauthorized Actor in activestorage

A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...

6.5CVSS6.3AI score0.01311EPSS
Exploits1References4
Prion
Prion
added 2018/11/30 7:29 p.m.12 views

Design/Logic Flaw

A bypass vulnerability in Active Storage = 5.2.0 for Google Cloud Storage and Disk services allow an attacker to modify the content-disposition and content-type parameters which can be used in with HTML files and have them executed inline. Additionally, if combined with other techniques such as...

4.3CVSS6.4AI score0.01311EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder