Lucene search
+L

61 matches found

OSV
OSV
added 2022/11/21 11:53 p.m.16 views

GHSA-7X4W-J98P-854X Cross site scripting vulnerability with discussion titles

Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or...

9CVSS7.1AI score0.0068EPSS
Exploits0References5
OSV
OSV
added 2022/11/19 12:0 a.m.33 views

CVE-2022-41938 Cross site scripting vulnerability with discussion titles in flarum

Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title inpu...

9CVSS6.1AI score0.0068EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/08/04 7:15 a.m.3 views

CVE-2022-27166

A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim...

6.1CVSS6.5AI score0.85291EPSS
Exploits0References2
Veracode
Veracode
added 2022/04/13 2:50 a.m.30 views

Denial Of Service (DoS)

nekohtml is vulnerable to denial of service. The vulnerability exists due to a memory corruption allowing an attacker to crash the system via a maliciously crafted HTML markup...

7.5CVSS2.2AI score0.02114EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2022/04/12 4:59 a.m.36 views

CVE-2022-24839

A flaw was found in the nokogiri library when processing an ill-formed HTML markup. This flaw allows an attacker to cause uncontrolled resource consumption, which affects performance...

7.5CVSS2.3AI score0.02114EPSS
Exploits0References4
NVD
NVD
added 2022/04/11 10:15 p.m.29 views

CVE-2022-24839

org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to = 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...

7.5CVSS0.02114EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2022/04/11 10:15 p.m.41 views

CVE-2022-24839

org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to = 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...

7.5CVSS6.8AI score0.02114EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/11 9:25 p.m.30 views

CVE-2022-24839 Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork)

org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to = 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...

7.5CVSS7.6AI score0.02114EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/03/26 12:9 a.m.25 views

Parsedown Class-Name Injection

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

8.1CVSS8.1AI score0.01469EPSS
Exploits1References5Affected Software1
Hacker One
Hacker One
added 2021/01/31 11:18 a.m.14 views

MTN Group: RXSS - http://macademy.mtnonline.com

The page located at http://macademy.mtnonline.com suffers from a Cross-site Scripting XSS vulnerability. XSS is a vulnerability that occurs when user input is unsafely encorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject malicious JavaScript that...

0.4AI score
Exploits0
Hacker One
Hacker One
added 2021/01/31 8:1 a.m.34 views

Rocket.Chat: Blind XSS

Blind XSS The page located at https://livechat.coinflex.com/livechat suffers from a Cross-site Scripting XSS vulnerability. XSS is a vulnerability which occurs when user input is unsafely encorporated into the HTML markup inside of a webpage. When not properly escaped an attacker can inject...

4.3CVSS6AI score0.00758EPSS
Exploits1
Veracode
Veracode
added 2019/05/02 4:44 a.m.54 views

Arbitrary Code Execution

Red Hat Subscription Asset Manager acts as a proxy for handling subscription information and software updates on client machines. The latest packages for Subscription Asset Manager include a number of security fixes: When a Subscription Asset Manager instance is created, its configuration script...

7.5CVSS8AI score0.13911EPSS
Exploits2References11Affected Software11
0day.today
0day.today
added 2019/04/26 12:0 a.m.64 views

Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: Apache Pluto 3.0.0 / 3.0.1 - Persistent Cross-Site Scripting Vulnerability Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version:...

6.4AI score0.20649EPSS
Exploits5
Veracode
Veracode
added 2019/04/08 2:50 a.m.15 views

Cross-Site Scripting (XSS)

erusev/parsedown is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the contents of any element with a specific class when safe-mode is used and HTML markup is disabled. This is possible as spaces are permitted in code...

8.1CVSS7.4AI score0.01469EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2019/04/06 8:29 p.m.15 views

Design/Logic Flaw

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

6.8CVSS8AI score0.01469EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/04/06 8:29 p.m.23 views

CVE-2019-10905

Parsedown before 1.7.2, when safe mode is used and HTML markup is disabled, might allow attackers to execute arbitrary JavaScript code if a script already running on the affected page executes the contents of any element with a specific class. This occurs because spaces are permitted in code bloc...

8.1CVSS7.2AI score
Exploits0References2
CVE
CVE
added 2019/04/06 7:59 p.m.473 views

CVE-2019-10905

Parsedown before 1.7.2 is vulnerable. When safe mode is enabled and HTML markup is disabled, spaces in code block infostrings can cause a script to execute arbitrary JavaScript in an element with a class starting language-, enabling cross-site scripting. Root cause: spaces in code block infostrin...

8.1CVSS7.9AI score0.01469EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/07/03 9:29 p.m.19 views

CVE-2018-9334

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup...

5.5CVSS5.5AI score0.00378EPSS
Exploits0References3
OSV
OSV
added 2018/07/03 9:29 p.m.4 views

CVE-2018-9334

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup...

5.5CVSS5.8AI score0.00378EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/07/03 9:0 p.m.21 views

CVE-2018-9334

The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup...

5.6AI score0.00378EPSS
Exploits0References3
Rows per page
Query Builder