122 matches found
Inefficient Regular Expression Complexity in pyload/pyload
The pyload package is vulnerable to ReDoS regular expression denial of service. An attacker that is able to provide crafted HTML comments as input to the comments function of utils/web/purge.py may cause an application to consume an excessive amount of CPU. Below pinned line using...
IBM Workload Automation Information Disclosure Vulnerability (CNVD-2021-03565)
IBM Workload Automation is IBM software for batch and real-time workload management. An information disclosure vulnerability exists in IBM Workload Automation version 9.5 that originates from storing sensitive information in HTML comments, which can be exploited by an attacker to obta...
IBM Workload Automation Information Disclosure Vulnerability (CNVD-2021-03568)
IBM Workload Automation boosts productivity and enhances management of enterprise business workloads through a blend of automation and application analytics. An information disclosure vulnerability exists in IBM Workload Automation 9.5. The vulnerability stems from the program storing sensitive...
CVE-2020-4673
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286...
Information disclosure
IBM Workload Automation 9.5 stores sensitive information in HTML comments that could aid in further attacks against the system. IBM X-Force ID: 186286...
CVE-2020-4673
The CVE-2020-4673 vulnerability affects IBM Workload Automation 9.5 (IBM Workload Scheduler 9.5.x). The root cause is information disclosure via sensitive data stored in HTML comments in the Dynamic Workload Console, enabling an attacker to access potentially sensitive information and aid further...
Security Bulletin: HTML comments with sensitive information could be present in IBM Workload Scheduler
Summary HTML comments with sensitive information, as file locations, machine or user names, could be present in IBM Dynamic Workload Console 9.5 Vulnerability Details CVEID: CVE-2020-4673 DESCRIPTION: IBM Workload Automation stores sensitive information in HTML comments that could aid in further...
hibernate-validator: safeHTML validator allows XSS
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...
Cross-Site Scripting (XSS)
tinymce is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a user's browser via HTML comments and CDATA sections...
Cross-site Scripting (XSS)
hibernate-validator is vulnerable to cross-site scripting (XSS). The vulnerability exists because the SafeHtml annotation from SafeHtmlValidator does not properly sanitize payloads in HTML comments...
CVE-2019-17123
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
GHSA-FM68-89M8-4GJJ Composer JavaScript injection possible via html comments
In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments...
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...
DEBIAN-CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...