17848 matches found
CVE-2024-6531
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded...
Cross-site Scripting
Overview org.webjars.bowergithub.jasny:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting through the data-loading-text attribute in the button component. An attacker can execute arbitrary...
CVE-2024-6531
...
CVE-2024-6531
...
CVE-2024-6531
Removed by vendor...
CVE-2024-6484
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded...
CVE-2024-6484
Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded...
CVE-2024-6484
CVE-2024-6484 is rejected/not used; rescinded per initial description.
CVE-2024-6484
...
CVE-2024-6035
A Stored Cross-Site Scripting XSS vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...
CVE-2024-6035 Stored XSS in gaizhenbiao/chuanhuchatgpt
A Stored Cross-Site Scripting XSS vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...
CVE-2024-40618
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension...
CVE-2024-40618
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension...
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...
Bootstrap Cross-Site Scripting (XSS) vulnerability
A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...
BIT-DISCOURSE-2024-35234 Discourse vulnerable to stored-dom XSS via Facebook Oneboxes
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...
Supply Chain Attack
yt-dlp is vulnerable to Supply Chain Attack. The vulnerability is due to the use of a compromised CDN cdn.bootcdn.net which is used to fetch a component of the crypto-js JavaScript library, allowing an attacker to potentially inject and execute malicious JavaScript code...
GHSA-H658-QQV9-QWV8 Apache NiFi vulnerable to Cross-site Scripting
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client...
Apache NiFi vulnerable to Cross-site Scripting
Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client...
PT-2024-37468 · Quivr · Quivr
Name of the Vulnerable Software and Affected Versions: stangirard/quivr version latest Description: A stored cross-site scripting XSS vulnerability exists in the 'Upload Knowledge' feature. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads...