UBUNTU-CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...

Design/Logic Flaw

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...

Mozilla: Incorrect HTML parsing results in XSS bypass technique

A flaw was found in Mozilla Firefox and Thunderbird where null bytes were incorrectly parsed in HTML entities. This could lead to HTML comments being treated as code which could lead to XSS in a web application or HTML entities being masked from filters...

CVE-2019-8233

In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments...

Hardcoded credentials

In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments...

Magento cross-site scripting vulnerability (CNVD-2019-40833)

Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions. Magento 2.2 version and 2.3 version of a security vulnerability , the vulnerability stems from the cleaning engin...

CVE-2019-8233

In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments...

Mozilla: Incorrect HTML parsing results in XSS bypass technique

A flaw was found in Mozilla Firefox and Thunderbird where null bytes were incorrectly parsed in HTML entities. This could lead to HTML comments being treated as code which could lead to XSS in a web application or HTML entities being masked from filters...

Mozilla: Incorrect HTML parsing results in XSS bypass technique

A flaw was found in Mozilla Firefox and Thunderbird where null bytes were incorrectly parsed in HTML entities. This could lead to HTML comments being treated as code which could lead to XSS in a web application or HTML entities being masked from filters...

Syhunt ScanTools 6.0 - Console Web Vulnerability Scan Tools

Syhunt ScanTools 6.0 adds advanced fingerprinting capabilities, enhanced spidering, injection and code scan capabilities, and a large number of improved checks. Adds the display of Hybrid, Dynamic and Code detailed scan statistics to the command-line tools. New fingerprinting capabilities - Becau...

Design/Logic Flaw

A vulnerability in the web-based management interface of the Cisco Intrusion Prevention System Device Manager IDM could allow an unauthenticated, remote attacker to view sensitive information stored in certain HTML comments. More Information: CSCuh91455. Known Affected Releases: 7.21V7...

libxml2: out-of-bounds memory access when parsing an unclosed HTML comment

It was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents...

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

CVE-2014-8724

Cross-site scripting XSS vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATHINFO to the default URI...

Cross site scripting

Cross-site scripting XSS vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATHINFO to the default URI...

PT-2014-8691 · Frederick Townes · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4.1 Description: The issue is related to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the Cache key in the HTML-Comments when debug...

W3 Total Cache <= 0.9.4 - Debug Mode XSS

If debug mode is enabled an XSS vector exists in the HTML comments...

vBulletin <= 3.0.6 (Template) Command Execution Exploit (metasploit)

No description provided by source. Title: vBulletin = 3.0.6 Add Template Name in HTML Comments = Yes command execution eXploit Name: phpvb306.pm License: Artistic/BSD/GPL Info: trying to get the command execution exploits out of the way on milw0rm.com. M's are always good. - This is an exploit...

openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)

roundcubemail was updated to 0.9.5 to fix bugs and security issues. Fixed security issues : - CVE-2013-6172: vulnerability in handling session argument of utils/save-prefs New upstream release 0.9.5 bnc847179 CVE-2013-6172 - Fix failing vCard import when email address field contains spaces - Fix...