165 matches found
BIT-PRESTASHOP-2024-21627 Some attribute not escaped in Validate::isCleanHTML method
PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this...
USN-6674-2 python-django vulnerability
USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause...
Arbitrary File Read
electron-pdf is vulnerable to Arbitrary File Read. The vulnerability due to the improper input application when validating the HTML content, allowing an attacker to remotely obtain arbitrary local files by injecting malicious HTML content...
CVE-2024-1647
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
Electron-PDF Security Vulnerability
Electron-PDF is a powerful command line tool from the individual developers at Fraser Xu. A security vulnerability exists in Electron-PDF version 20.0.0, which stems from a failure to validate the HTML content of user input, allowing an attacker to obtain arbitrary local files...
BIT-WORDPRESS-MULTISITE-2021-39202
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the cust...
SUSE CVE-2023-46303
linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...
CVE-2023-46303
linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...
UBUNTU-CVE-2023-46303
linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...
Snappy Code Issue Vulnerability
Snappy is a PHP library from KNP Labs Individual Developers that allows thumbnails, snapshots, or PDFs to be generated from url or html pages. Snappy is vulnerable to a code issue. An attacker can exploit this vulnerability to remotely execute code...
Improper Neutralization
gtLab is vulnerable to Improper Neutralization. This vulnerability exists because it does not properly validate HTML input, allowing an attacker to inject malicious code into the browser...
Input validation
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
SUSE CVE-2010-2230
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting XSS attacks via HTML input...
SUSE CVE-2012-6708
jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the string, giving...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
Actively Exploited Zero-Day Bug in Chrome
Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary CVE-2022-4135 is a high-severity heap buffer overflow issue that affects the GPU component. The fault is caused by a boundary error in the GPU while processing untrusted HTML input. An attacker wh...
ALPINE-CVE-2022-38223
There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...
CVE-2022-2171
The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue...