165 matches found
CVE-2021-38504
When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
CVE-2021-41169
Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade...
CVE-2021-41169 Improper Neutralization HTML tags in sulu/sulu
Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade...
CVE-2021-41791
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker given that he has privileges on...
Input validation
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker given that he has privileges on...
Design/Logic Flaw
Flarum is forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type...
CVE-2021-32671
CVE-2021-32671 concerns Flarum’s translation system, which allowed string inputs to be rendered as HTML DOM nodes, enabling cross-site scripting in certain user inputs (notably the forum search box). The vulnerability affects Flarum v1.0.0/v1.0.1 and is due to rendering user-provided markup witho...
CVE-2020-35542
Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to an HTML document field. This could be used for an XSS attack...
Unisys Data Exchange Management Studio cross-site scripting vulnerability
Unisys Data Exchange Management Studio is a data exchange component from the American company Unisys. A cross-site scripting vulnerability exists in Unisys Data Exchange Management Studio version 5.0.34 and prior versions, which originates from input that is not cleared from HTML document fields,...
Cross-Site Scripting (XSS)
flow-server is vulnerable to cross-site scripting. The vulnerability exists because HTML input is not sanitized before being added to the template...
Command injection
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...
CVE-2021-3291
Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...
CVE-2020-27193
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of the editor inputs...
jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
CVE-2020-13763
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...
Design/Logic Flaw
In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...