28 matches found

GitLab Advisory Database
added 2023/06/09 12:0 a.m. | 19 views

LeafKit allows XSS with untrusted user input

This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an attacker managed to find a variable that was rendered with their unsanitised data, they could inject scripts into a generated Leaf page, whic...

7.4 CVSS | 5.9 AI score | 0.0071 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2021/08/09 8:15 p.m. | 31 views

CVE-2021-37634

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...

6.1 CVSS | 5.4 AI score
Exploits: 0 | References: 2
NVD
added 2021/08/09 8:15 p.m. | 28 views

CVE-2021-37634

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...

7.4 CVSS | 0.0071 EPSS
Exploits: 0 | References: 2
Prion
added 2021/08/09 8:15 p.m. | 23 views

Cross site scripting

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...

4.3 CVSS | 5.8 AI score | 0.0071 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2021/08/09 7:45 p.m. | 72 views

CVE-2021-37634

LeafKit (Leaf kit) prior to v1.3.0 is vulnerable to Cross-site Scripting (XSS) when unsanitised data is passed to variable tags due to lack of escaping. The issue stems from not escaping strings rendered as variables, allowing injected scripts into generated Leaf pages if mitigations like a CSP a...

7.4 CVSS | 6 AI score | 0.0071 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2021/08/09 7:45 p.m. | 33 views

CVE-2021-37634 LeafKit allows XSS with untrusted user input

Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...

7.4 CVSS | 7 AI score | 0.0071 EPSS
Exploits: 0 | References: 2
CNNVD
added 2021/08/09 12:0 a.m. | 7 views

leafkit cross-site scripting vulnerability

leafkit is a software application. Use Swift to create modular server-side software. A cross-site scripting vulnerability exists in Leafkit versions prior to 1.3.0, which affects any user who passes unprocessed data to a Leaf variable tag. Leaf does not escape any strings passed as variables to th...

7.4 CVSS | 6 AI score | 0.0071 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2021/08/09 12:0 a.m. | 4 views

PT-2021-21749 · Leafkit · Leafkit

Name of the Vulnerable Software and Affected Versions: Leafkit versions prior to 1.3.0

Description: Leafkit is a templating language with Swift-inspired syntax. The issue affects anyone passing unsanitised data to Leaf's variable tags. Before the fix, Leaf would not escape any strings passed to...

7.4 CVSS | 6 AI score | 0.0071 EPSS
Exploits: 0 | References: 9