CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

522 matches found

Prion•added 2020/06/09 4:15 a.m.•17 views

Code injection

OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...

4.3CVSS6AI score0.00468EPSS

Exploits1References1Affected Software1

0day.today•added 2020/04/28 12:0 a.m.•66 views

jQuery <= 3.5 html() Cross Site Scripting Exploit

Exploit for jsp platform in category web applications jquery-xss-in-html jQuery 3.5 Cross-Site Scripting XSS in html Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting XSS vulnerability found in the jQuery’s HTML parser. The Snyk open source security...

7.1AI score

Exploits0

Packet Storm•added 2020/04/25 12:0 a.m.•108 views

jQuery html() Cross Site Scripting

jquery-xss-in-html jQuery 3.5 Cross-Site Scripting XSS in html Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting XSS vulnerability found in the jQuery’s HTML parser. The Snyk open source security platform estimates that 84% of all websites may be...

Exploits0

BDU FSTEC•added 2020/04/23 12:0 a.m.•2 views

The vulnerability of the HTMLParser module from django.utils.html.strip_tags in the Django web development framework allows a attacker to cause a denial-of-service attack.

The vulnerability of the HTMLParser module in django.utils.html.striptags of the Django web development framework is related to a slow evaluation of large input data, which contain large sequences of incomplete HTML objects. Exploiting this vulnerability may allow an attacker to cause service...

7.8CVSS0.06773EPSS

Exploits0References9Affected Software7

OpenVAS•added 2020/04/16 12:0 a.m.•26 views

Huawei EulerOS: Security Advisory for lynx (EulerOS-SA-2020-1410)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.6AI score0.0021EPSS

Exploits0References2

Tenable Nessus•added 2020/04/15 12:0 a.m.•26 views

EulerOS 2.0 SP3 : lynx (EulerOS-SA-2020-1410)

According to the version of the lynx package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Lynx is a text-based Web browser. Lynx does not display any images,but it does support frames, tables, and most other HTML tags. One advantage Lynx ha...

5.3CVSS6.2AI score0.0021EPSS

Exploits0References2

Veracode•added 2020/04/10 12:39 a.m.•21 views

Use-after-free

The kdelibs vulnerable use-after-free. A flaw was found in the way the KDE HTML parser handled content for the HTML "head" element. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service Konqueror crash or,...

9.3CVSS5AI score0.08455EPSS

Exploits2References30Affected Software1

Tenable Nessus•added 2020/01/27 12:0 a.m.•32 views

Debian DLA-2075-1 : jsoup security update

An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing '' at EOF a cross-site scripting XSS vulnerability could appear. For Debian 8 'Jessie', this problem has been fixed in version 1.8.1-1+deb8u1. We recommend that you upgrad...

6.1CVSS6.7AI score0.02044EPSS

Exploits0References3

OpenVAS•added 2020/01/27 12:0 a.m.•52 views

Debian: Security Advisory (DLA-2075-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.02044EPSS

Exploits0References3

Veracode•added 2019/12/02 4:42 p.m.•14 views

Denial Of Service (DoS) Through Infinite Loop

html-parser-lite is vulnerable to denial of service attacks. The parser enters an infinite loop when the markup is erroneous, allowing malicious users to cause a system crash...

4.6AI score

Exploits0

PyPA•added 2019/08/02 3:15 p.m.•4 views

PYSEC-2019-12

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

7.5CVSS6.9AI score0.06773EPSS

Exploits0References11Affected Software1

Exploit DB•added 2019/07/25 12:0 a.m.•296 views

WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads

BACKGROUND As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous cross-origin page loads. In certain conditions, this might lead to...

7.4AI score

Exploits0

0day.today•added 2019/07/25 12:0 a.m.•54 views

WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads Exploit

6.1CVSS7.6AI score0.08534EPSS

Exploits1