
165 matches found

UbuntuCve
added 2021/11/03 12:00 a.m., 47 views

CVE-2021-38504

When interacting with an HTML input element's file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVSS 8.8, AI score 7.2, EPSS 0.01586
Exploits: 0, References: 6
OSV
added 2021/10/21 9:15 p.m., 17 views

CVE-2021-41169

Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade...

CVSS 4.8, AI score 4.9
Exploits: 0, References: 2
Cvelist
added 2021/10/21 8:25 p.m., 18 views

CVE-2021-41169 Improper Neutralization HTML tags in sulu/sulu

Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade...

CVSS 6.2, AI score 6.2, EPSS 0.00572
Exploits: 0, References: 2
NVD
added 2021/10/21 9:15 a.m., 16 views

CVE-2021-41791

An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker given that he has privileges on...

CVSS 5.4, EPSS 0.00534
Exploits: 0, References: 2
Prion
added 2021/10/21 9:15 a.m., 18 views

Input validation

An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker given that he has privileges on...

CVSS 3.5, AI score 5.1, EPSS 0.00534
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2021/10/21 8:49 a.m., 21 views

CVE-2021-41791

An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker given that he has privileges on...

AI score 5.4, EPSS 0.00534
Exploits: 0, References: 2
Prion
added 2021/06/07 10:15 p.m., 16 views

Design/Logic Flaw

Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or documented. This allowed for any user to type...

CVSS 4.3, AI score 9.4, EPSS 0.39738
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2021/06/07 9:25 p.m., 182 views

CVE-2021-32671

CVE-2021-32671 concerns Flarum’s translation system, which allowed string inputs to be rendered as HTML DOM nodes, enabling cross-site scripting in certain user inputs (notably the forum search box). The vulnerability affects Flarum v1.0.0/v1.0.1 and is due to rendering user-provided markup witho...

CVSS 10, AI score 9.5, EPSS 0.39738
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2021/04/27 11:15 a.m., 6 views

CVE-2020-35542

Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack...

CVSS 5.4, AI score 5.8, EPSS 0.00466
Exploits: 0, References: 1
Cvelist
added 2021/04/27 10:51 a.m., 26 views

CVE-2020-35542

Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize the input to a HTML document field. This could be used for an XSS attack...

AI score 5.2, EPSS 0.00466
Exploits: 0, References: 1
CNNVD
added 2021/04/27 12:00 a.m., 4 views

Unisys Data Exchange Management Studio cross-site scripting vulnerability

Unisys Data Exchange Management Studio is a data exchange component from the American company Unisys. A cross-site scripting vulnerability exists in Unisys Data Exchange Management Studio version 5.0.34 and prior versions, which originates from input that is not cleared from HTML document fields,...

CVSS 5.4, AI score 5.4, EPSS 0.00466
Exploits: 0, References: 2
Veracode
added 2021/04/20 8:53 a.m., 22 views

Cross-Site Scripting (XSS)

flow-server is vulnerable to cross-site scripting. The vulnerability exists because HTML input is not sanitized before being added to the template...

CVSS 6.1, AI score 0.3, EPSS 0.00668
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2021/01/26 6:16 p.m., 20 views

Command injection

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...

CVSS 9, AI score 7.2, EPSS 0.16782
Exploits: 4, References: 2, Affected Software: 1
Cvelist
added 2021/01/26 6:47 a.m., 44 views

CVE-2021-3291

Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element within the modules edit page and inserting a command...

AI score 7.4, EPSS 0.16782
Exploits: 4, References: 2
Cvelist
added 2020/11/12 8:31 p.m., 26 views

CVE-2020-27193

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs...

AI score 7, EPSS 0.02018
Exploits: 0, References: 6
RedHat Linux
added 2020/11/04 1:39 a.m., 6 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9, AI score 6.5, EPSS 0.99019
Exploits: 7, References: 5
NVD
added 2020/06/02 8:15 p.m., 14 views

CVE-2020-13763

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...

CVSS 7.5, AI score 8.2, EPSS 0.01227
Exploits: 0, References: 1
OSV
added 2020/06/02 8:15 p.m., 14 views

CVE-2020-13763

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...

CVSS 7.5, AI score 7
Exploits: 0, References: 1
Prion
added 2020/06/02 8:15 p.m., 15 views

Design/Logic Flaw

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...

CVSS 5, AI score 7.5, EPSS 0.01227
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/06/02 7:24 p.m., 19 views

CVE-2020-13763

In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users...

AI score 7.7, EPSS 0.01227
Exploits: 0, References: 1