
165 matches found

OSV, added 2024/03/06 11:2 a.m., 13 views

BIT-PRESTASHOP-2024-21627 Some attribute not escaped in Validate::isCleanHTML method

PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the isCleanHTML method. Some modules using the isCleanHTML method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this...

CVSS 8.1, AI score 6.5, EPSS 0.00519
Exploits: 0, References: 4
OSV, added 2024/03/04 4:14 p.m., 5 views

USN-6674-2 python-django vulnerability

USN-6674-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Seokchan Yoon discovered that the Django Truncator function incorrectly handled very long HTML input. A remote attacker could possibly use this issue to cause...

CVSS 5.3, AI score 6.8, EPSS 0.01854
Exploits: 0, References: 2
Veracode, added 2024/02/21 9:24 a.m., 16 views

Arbitrary File Read

electron-pdf is vulnerable to Arbitrary File Read. The vulnerability is due to improper input validation of the HTML content, allowing an attacker to remotely obtain arbitrary local files by injecting malicious HTML content...

CVSS 7.5, AI score 6.6, EPSS 0.00695
Exploits: 1, References: 3, Affected software: 1
OSV, added 2024/02/20 1:15 a.m., 5 views

CVE-2024-1647

Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...

CVSS 7.5, AI score 5.8, EPSS 0.00695
Exploits: 1, References: 2
CNNVD, added 2024/02/20 12:0 a.m., 4 views

Electron-PDF Security Vulnerability

Electron-PDF is a powerful command line tool from the individual developer Fraser Xu. A security vulnerability exists in Electron-PDF version 20.0.0, which stems from a failure to validate user-supplied HTML content, allowing an attacker to obtain arbitrary local files...

CVSS 7.5, AI score 6.6, EPSS 0.00695
Exploits: 1, References: 3
OSV, added 2024/01/31 3:28 p.m., 13 views

BIT-WORDPRESS-MULTISITE-2021-39202

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions the widgets editor introduced in WordPress 5.8 beta 1 has improper handling of HTML input in the Custom HTML feature. This leads to stored XSS in the cust...

CVSS 7.6, AI score 5.9, EPSS 0.0082
Exploits: 0, References: 2
SUSE CVE, added 2023/10/24 12:59 a.m., 2 views

SUSE CVE-2023-46303

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVSS 7.5, AI score 7, EPSS 0.01352
Exploits: 1, References: 3
OSV, added 2023/10/22 6:15 p.m., 146 views

CVE-2023-46303

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVSS 7.5, AI score 7.1
Exploits: 0, References: 3
OSV, added 2023/10/22 6:15 p.m., 1 view

UBUNTU-CVE-2023-46303

linktolocalpath in ebooks/conversion/plugins/htmlinput.py in calibre before 6.19.0 can, by default, add resources outside of the document root...

CVSS 7.5, AI score 7.1, EPSS 0.01352
Exploits: 1, References: 4
CNNVD, added 2023/09/06 12:0 a.m., 23 views

Snappy Code Issue Vulnerability

Snappy is a PHP library from KNP Labs that allows thumbnails, snapshots, or PDFs to be generated from URLs or HTML pages. Snappy is vulnerable to a code issue. An attacker can exploit this vulnerability to remotely execute code...

CVSS 9.8, AI score 7.3, EPSS 0.01877
Exploits: 1, References: 4
Veracode, added 2023/07/22 10:33 p.m., 21 views

Improper Neutralization

gtLab is vulnerable to Improper Neutralization. This vulnerability exists because it does not properly validate HTML input, allowing an attacker to inject malicious code into the browser...

CVSS 8.7, AI score 7, EPSS 0.82003
Exploits: 3, References: 5, Affected software: 1
Prion, added 2023/05/26 9:15 p.m., 22 views

Input validation

Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to type="text" via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates type="password" inputs...

CVSS 4, AI score 6.4, EPSS 0.00285
Exploits: 0, References: 2, Affected software: 1
RedHat Linux, added 2023/03/01 10:2 p.m., 6 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9, AI score 6.5, EPSS 0.99019
Exploits: 7, References: 5
SUSE CVE, added 2023/02/15 5:58 a.m., 5 views

SUSE CVE-2010-2230

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting XSS attacks via HTML input...

CVSS 4, AI score 5.9, EPSS 0.02226
Exploits: 0, References: 4
SUSE CVE, added 2023/02/15 5:42 a.m., 3 views

SUSE CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...

CVSS 6.8, AI score 6.2, EPSS 0.08632
Exploits: 6, References: 6
RedHat Linux, added 2023/01/31 1:15 p.m., 5 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9, AI score 6.5, EPSS 0.99019
Exploits: 7, References: 5
RedHat Linux, added 2023/01/31 1:15 p.m., 4 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS 6.9, AI score 6.5, EPSS 0.99019
Exploits: 7, References: 5
hivepro, added 2022/11/29 6:11 a.m., 36 views

Actively Exploited Zero-Day Bug in Chrome

Threat Level Vulnerability Report. Summary: CVE-2022-4135 is a high-severity heap buffer overflow issue that affects the GPU component. The fault is caused by a boundary error in the GPU while processing untrusted HTML input. An attacker wh...

AI score 1, EPSS 0.31864
Exploits: 1
OSV, added 2022/08/15 11:21 a.m., 3 views

ALPINE-CVE-2022-38223

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact...

CVSS 7.8, AI score 7.3, EPSS 0.00441
Exploits: 1, References: 1
OSV, added 2022/08/01 1:15 p.m., 4 views

CVE-2022-2171

The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue...

CVSS 5.4, AI score 6.1, EPSS 0.00256
Exploits: 1, References: 1