23 matches found
EUVD-2018-4346
Malware in sbrugna...
EUVD-2016-6147
Malware in sbrugna...
EUVD-2025-1959
Malicious code in bioql PyPI...
EUVD-2024-32401
Malicious code in bioql PyPI...
CVE-2024-56082
ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true...
CVE-2025-4096
Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-0995
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-0447
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
CVE-2023-28631 Attacker controlled data in AST nodes is not validated in comrak
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...
CVE-2022-1894 Popup Builder < 4.1.11 - Admin+ Stored Cross-Site Scripting
The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed...
Internet Bug Bounty: Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag
It seems to be a problem caused by a difference between the nokogiri java implementation and the ruby implementation. jruby9.3.3.0 nokogiri java, use Rails::Html::SafeListSanitizer.new.sanitize, allow select/style tag code tags = %wselect style puts...
telemedia-interactive.de XSS vulnerability
Open Bug Bounty ID: OBB-649546. Affected Website: telemedia-interactive.de. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...
openSUSE Security Update : python-mistune (openSUSE-2018-148)
This update for python-mistune to version 0.8.3 fixes several issues. These security issues were fixed: - CVE-2017-16876: Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py allowed remote attackers to inject arbitrary web script or HTML by leveraging failure to escape th...
openSUSE Security Update : roundcubemail (openSUSE-2016-1205)
This update for roundcubemail to 1.1.6 fixes several issues (boo#1001856). These security issues were fixed: - Fix XSS issue in href attribute on area tag - Wash position:fixed style in HTML mail for better security. These non-security issues were fixed: - Searching in both contacts and groups when...
openSUSE Security Update : otrs (openSUSE-SU-2012:1214-1)
Fix an XSS vulnerability: bnc#778655, CVE-2012-4600 - update to 2.4.14 (openSUSE 11.4), fix for OSA-2012-02, http://otrs.org/advisory/ - Improved HTML security filter to detect tag nesting. - update to 3.0.16 (openSUSE 12.1), fix for OSA-2012-02, http://otrs.org/advisory/ - Improved HTML security filter...
Debian: Security Advisory (DSA-2536-1)
The remote host is missing an update for the Debian...
Debian Security Advisory DSA 2536-1 (otrs2)
The remote host is missing an update to otrs2 announced via advisory DSA 2536-1. OpenVAS Vulnerability Test $Id: deb25361.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2536-1 otrs2 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
[SECURITY] [DSA 2536-1] otrs2 security update
Debian Security Advisory DSA-2536-1 [email protected] http://www.debian.org/security/ Florian Weimer, August 30, 2012 http://www.debian.org/security/faq...
DSA-2536-1 otrs2 - cross-site scripting
Bulletin has no description...