trying-to-make-a-website-scanner Web Vulnerability Scanner —...
openSUSE 15 Security Update : python-Markdown (SUSE-SU-2026:0846-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0846-1 advisory. This update for python-Markdown fixes the following issue: - CVE-2025-69534: incomplete markup declaration in raw HTML can crash applications that process...
EUVD-2012-4154
Malware in sbrugna...
EUVD-2025-0082
Malicious code in bioql PyPI...
CVE-2024-53277
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. The...
Cross-Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitisation of user-provided content in form messages, which allows HTML markup, including potentially harmful scripts, to be processed and displayed without proper filtering, leading to the...
CVE-2024-53277 Cross-site Scripting in form messages in silverstripe framework
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. The...
CVE-2024-53277
The CVE-2024-53277 entry concerns the silverstripe/framework (PHP) and an XSS vulnerability in form messages. Root cause: user-provided content is included in form messages without proper sanitization. Impact: potential to execute arbitrary HTML/JS in a user’s browser. Remediation: upgrade to sil...
CVE-2024-53277 Cross-site Scripting in form messages in silverstripe framework
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. The...
Silverstripe Framework has an XSS in form messages
In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitise...
PT-2025-4479 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that...
DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml Dependency in Jira Software Data Center and Server
This High severity net.sourceforge.nekohtml:nekohtml Dependency vulnerability was introduced in versions 9.0.0, 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, 9.6.0, 9.7.0, 9.8.0, and 9.9.0 of Jira Software Data Center and Server. This net.sourceforge.nekohtml:nekohtml Dependency vulnerability, with a CVSS...
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
Summary The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Severity The maintainers have evaluated this as High Severity 7.5 CVSS3.1. Mitigation Upgrade to >= 1.9.22.noko2. Credit This vulnerability was reporte...
SAP Application Interface Framework Cross-Site Scripting Vulnerability
SAP Application Interface Framework (SAP AIF) is an application interface framework from the German company SAP. A security vulnerability exists in SAP Application Interface Framework that stems from the application allowing the use of HTML markup, which can be exploited by an attacker to...
GHSA-8648-H559-8H42 Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting
All versions of Fluid Components before 3.5.0 were susceptible to Cross-Site Scripting. Version 3.5.0 of the extension fixes this issue. Due to the nature of the problem, some changes in your project's Fluid templates might be necessary to prevent unwanted double-escaping of HTML markup...
Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting
All versions of Fluid Components before 3.5.0 were susceptible to Cross-Site Scripting. Version 3.5.0 of the extension fixes this issue. Due to the nature of the problem, some changes in your project's Fluid templates might be necessary to prevent unwanted double-escaping of HTML markup...
TYPO3 8.0.0 < 8.7.49 ELTS / 9.0.0 < 9.5.38 ELTS / 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1 XSS (TYPO3-CORE-SA-2022-017)
The version of TYPO3 installed on the remote host is prior to 8.0.0 < 8.7.49 ELTS / 9.0.0 < 9.5.38 ELTS / 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2022-017 advisory. - Due to a parsing issue in the upstream packa...
Security Bulletin: IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty is vulnerable because Sparkle Motion Nokogiri is vulnerable to a denial of service (CVE-2022-24839)
Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty is vulnerable because Sparkle Motion Nokogiri is vulnerable to a denial of service, caused by a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup in the fork of org.cyberneko.html. By sendin...
Security Bulletin: IBM Sterling Control Center is vulnerable to denial of service due to Websphere Liberty (CVE-2022-24839)
Summary IBM Sterling Control Center is potentially vulnerable to a denial of service, caused by a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup in the fork of org.cyberneko.html. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to...
GHSA-7X4W-J98P-854X Cross site scripting vulnerability with discussion titles
Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or...