GHSA-54M3-5FXR-2F3J Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Summary The function listhtml generates a file view of a folder without sanitizing the files or folders names, potentially leading to XSS in cases where a website allows access to public files using this feature, allowing anyone to upload a file. Details The vulnerable snippet of code is the...

EUVD-2026-1422

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that request path is decoded...

PT-2026-2186

Name of the Vulnerable Software and Affected Versions Salvo versions prior to 0.88.1 Description Salvo is a Rust web backend framework. Prior to version 0.88.1, the list html function generates a file view of a folder, including a render of the current path. This path is inserted into the HTML...

OpenUI 跨站脚本漏洞

OpenUI is a UI program open-sourced by Weights & Biases. A cross-site scripting vulnerability exists in OpenUI, which stems from a stored cross-site scripting vulnerability in the Edit HTML function that could lead to the theft of a user's alert history and other sensitive information...

Vue 安全漏洞

Vue is an HTML, CSS, and JS framework open-sourced by Vue. It is used to develop web applications with fine-grained reactivity. A security vulnerability exists in Vue versions 2.0.0 through 3.0.0, which stems from a potential regular expression denial of service vulnerability caused by an incorre...

CVE-2024-8271

The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...

MGASA-2023-0291 Updated ruby-RedCloth packages fix a security vulnerability

A Regular Expression Denial of Service ReDoS issue was discovered in the sanitizehtml function of redcloth gem v4.0.0. This vulnerability allows attackers to cause a Denial of Service DoS via supplying a crafted payload. CVE-2023-31606...

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

Design/Logic Flaw

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVE-2020-11022

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

MGASA-2014-0218 Updated python-lxml package fix CVE-2014-3146

Updated python-lxml packages fix security vulnerability: The cleanhtml function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters \x01-\x08. A remote attacker could use this flaw to serve malicious content to an application using the...

Vivvo Article Manager <= 3.2 (classified_path) File Include Vulnerability

No description provided by source. MercilessTurk [email protected] App Name: phpWordPress Vivvo Article Manager App Author: vivvo.net App Version: =3.2 Vulnerable Code in HTMLfunction.php function HTMLCategoryMenu : line 51: includeonce$classifiedpath.'exportcategory.php'; if registerglobals ...

CGIForum 1.0 Vulnerability

Hi, Date: 2000/11/20 Affected Application: CGIForum 1.0 http://www.marcbrinkmann.de/inandonline/netz/CGIForum-1.0.tar.gz Markus Triska [email protected] CGIForum is a free forum. We can set 'thesection' parameter to view files on the vulnerable system with privileges of the user "nobody". This is...