
10 matches found

CNNVD
added 2026/03/04 12:0 a.m. | 1 views

XWiki Platform Cross-Site Scripting Vulnerability

The XWiki Platform is an open-source wiki platform designed for creating web collaboration applications. Versions of the XWiki Platform prior to 9.15.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient escaping of HTML title tags when injecting blog...

CVSS: 9 | AI score: 5.7 | EPSS: 0.00643
Exploits: 3 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-2305

Malicious code in bioql PyPI...

CVSS: 6.8 | AI score: 6 | EPSS: 0.06716
Exploits: 0 | References: 9
Snyk
added 2024/07/08 3:40 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the HTML title attribute in the list view. An attacker can manipulate the output and inject malicious scripts by crafting malicious input that is improperly escaped. Note: Patched version 3.1.3 has a...

CVSS: 6.8 | AI score: 5.3 | EPSS: 0.06716
Exploits: 0 | References: 2
Cvelist
added 2024/07/08 2:33 p.m. | 16 views

CVE-2024-39308 RailsAdmin Cross-site Scripting vulnerability in the list view

RailsAdmin is a Rails engine that provides an interface for managing data. RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. Upgrade to 3.1.3 or 2.2.2 to be released...

CVSS: 6.8 | EPSS: 0.06716
Exploits: 0 | References: 6
Github Security Blog
added 2024/07/08 2:14 p.m. | 48 views

RailsAdmin Cross-site Scripting vulnerability in the list view

Impact: RailsAdmin list view has the XSS vulnerability, caused by improperly-escaped HTML title attribute. The issue was originally reported in https://github.com/railsadminteam/railsadmin/issues/3686. Patches: Upgrade to 3.1.4. The vulnerability itself was patched in 3.1.3 but it has a functionali...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.06716
Exploits: 0 | References: 9 | Affected Software: 1
0day.today
added 2020/06/18 12:0 a.m. | 349 views

Cayin xPost 2.5 SQL Injection / Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfindermeetinginput.jsp file's wayfinderseqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat the environment is pretty static and...

CVSS: 10 | AI score: 10 | EPSS: 0.6151
Exploits: 5
Drupal
added 2017/08/02 12:0 a.m. | 10 views

html_title - Unsupported - SA-CONTRIB-2017-059

The HTML Title module allows a limited set of HTML markup (em, sub, sup, b, i, strong, cite, code, bdi, wbr) to be used in node titles. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like ...

AI score: 7
Exploits: 0 | References: 7
n0where
added 2017/07/10 3:46 p.m. | 28 views

Network OSINT Gathering Tool: XRay

XRay is a tool for network OSINT gathering; its goal is to make some of the initial tasks of information gathering and network mapping automatic. How Does it Work? XRay is a very simple tool, it works this way: 1. It’ll bruteforce subdomains using a wordlist and DNS requests. 2. For every...

AI score: 6.7
Exploits: 0 | References: 1
Nmap
added 2012/05/20 3:42 p.m. | 104 views

http-traceroute NSE Script

Exploits the Max-Forwards HTTP header to detect the presence of reverse proxies. The script works by sending HTTP requests with values of the Max-Forwards HTTP header varying from 0 to 2 and checking for any anomalies in certain response values such as the status code, Server, Content-Type and...

CVSS: 10 | AI score: 0.1 | EPSS: 0.94176
Exploits: 33
OpenVAS
added 2011/01/10 12:0 a.m. | 35 views

Nmap NSE: HTML Title

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.3
Exploits: 0