SPIP Cross-Site Scripting Vulnerability
SPIP is an open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.2.15 had a cross-site scripting vulnerability. This vulnerability stemmed from improper validation of JavaScript tags in HTML code, which could lead to cross-site scripting attacks...
EUVD-2024-0489
Malicious code in bioql PyPI...
EUVD-2024-0679
Malicious code in bioql PyPI...
EUVD-2023-23989
Malicious code in bioql PyPI...
GHSA-CG87-WMX4-V546 KaTeX \htmlData does not validate attribute names
Impact KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML. Patches Upgrade to KaTeX v0.16.21 to remove this vulnerability. Workarounds - Avoid use of or turn off the...
Cross-Site Scripting (XSS)
silverstripe/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of proper validation of user-submitted HTML in the “compare mode” of the CMS page history tab, which allows attackers to embed malicious scripts that result in Cross-Site Scripting (XSS)...
CVE-2024-3692
The CVE-2024-3692 entry concerns Gutenverse (WordPress) before 1.9.1. The vulnerability is a Stored XSS caused by not validating the htmlTag option in various blocks before output, allowing authenticated users with the Contributor+ role to inject malicious HTML. Red Hat and Patchstack entries corr...
GHSA-3JCV-5F9P-2F2P Cross-site Scripting in electron-pdf
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
Cross-site Scripting in Pyhtml2pdf
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1647
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2024-1648
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
Hardcoded credentials
Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
Hardcoded credentials
electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user...
CVE-2023-46744 Stored Cross-site Scripting in Squidex
Squidex is an open source headless CMS and content management hub. In affected versions, a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism, intended to stop XSS attacks through uploaded SVG images, is insufficien...
Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the lack of HTML element validation in login.php, which allows an attacker to inject and execute malicious JavaScript in the browser...
[SECURITY] Fedora 39 Update: htmltest-0.17.0-4.fc39
htmltest runs your HTML output through a series of checks to ensure that all your links, images and script references work, that your alt tags are filled in, et cetera...
CVE-2023-1783
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
CVE-2023-1783
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
Hardcoded credentials
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF...
CVE-2023-1783
OrangeScrum 2.0.11 is vulnerable to a flaw in HTML-to-PDF rendering that allows an external attacker to remotely obtain AWS instance credentials. The root cause is improper validation of HTML content during PDF conversion, leading to credentials leakage (impacting confidentiality). The most expli...