99 matches found

SUSE CVE
added 2023/02/15 6:11 a.m. · 4 views

SUSE CVE-2007-4229

Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO, PRE, FRAMESET, and A tags. NOTE: the provenance ...

4.3 CVSS · 6.6 AI score · 0.02184 EPSS
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 5:45 a.m. · 2 views

SUSE CVE-2012-3465

Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

4.3 CVSS · 6 AI score · 0.01977 EPSS
Exploits: 1 · References: 7

OSV
added 2022/04/11 10:15 p.m. · 3 views

DEBIAN-CVE-2022-24839

org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...

7.5 CVSS · 7.2 AI score · 0.02114 EPSS
Exploits: 0 · References: 1

RubySec
added 2021/11/17 12:00 a.m. · 4 views

Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML

Affected packages: The vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. Impact: A potential vulnerability has been discovered in CKEditor 4 Advanced Content Filter (ACF) core module. The vulnerability allowed to inject malforme...

8.2 CVSS · 6.9 AI score · 0.01257 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

RubySec
added 2021/08/23 12:00 a.m. · 5 views

Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.

Affected packages: The vulnerability has been discovered in Fake Objects plugin. All plugins with Fake Objects plugin dependency are affected: Fake Objects, Link, Flash, Iframe, Forms, Page Break. Impact: A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability...

7.3 CVSS · 7 AI score · 0.01324 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Veracode
added 2021/08/20 9:54 a.m. · 54 views

Remote Code Execution (RCE)

ckeditor is vulnerable to remote code execution. An attacker is able to abuse the undo functionality using malformed widget HTML, which could result in executing JavaScript code...

7.6 CVSS · 1.5 AI score · 0.01192 EPSS
Exploits: 0 · References: 11 · Affected Software: 1

OSV
added 2021/08/13 12:15 a.m. · 4 views

DEBIAN-CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

5.4 CVSS · 6.2 AI score · 0.01324 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2021/08/13 12:15 a.m. · 4 views

CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

7.3 CVSS · 5.4 AI score · 0.01324 EPSS
Exploits: 0 · References: 12 · Affected Software: 1

OSV
added 2021/08/13 12:15 a.m. · 1 view

UBUNTU-CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

7.3 CVSS · 6.5 AI score · 0.01324 EPSS
Exploits: 0 · References: 6

OSV
added 2021/08/12 5:15 p.m. · 1 view

DEBIAN-CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

5.4 CVSS · 6.2 AI score · 0.01192 EPSS
Exploits: 0 · References: 1

UbuntuCve
added 2021/08/12 5:15 p.m. · 32 views

CVE-2021-32809

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...

5.4 CVSS · 6.6 AI score · 0.01188 EPSS
Exploits: 0 · References: 4

OSV
added 2021/08/12 5:15 p.m. · 1 view

UBUNTU-CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

7.6 CVSS · 6.6 AI score · 0.01192 EPSS
Exploits: 0 · References: 5

Cvelist
added 2021/08/12 5:10 p.m. · 38 views

CVE-2021-32809 Arbitrary HTML injection vulnerability in ckeditor

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Clipboard package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It...

4.6 CVSS · 6.6 AI score · 0.01188 EPSS
Exploits: 0 · References: 6

CNNVD
added 2021/08/12 12:00 a.m. · 4 views

CKEditor cross-site scripting vulnerability

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability in the CKEditor 4 Clipboard package allows users to abuse the paste function with malformed HTML, which could result in injecting arbitrary HTML into the editor...

5.4 CVSS · 6.3 AI score · 0.01188 EPSS
Exploits: 0 · References: 11

Veracode
added 2020/04/10 12:58 a.m. · 27 views

Arbitrary Code Execution

firefox/thunderbirds is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10 CVSS · 2.9 AI score · 0.04372 EPSS
Exploits: 0 · References: 19 · Affected Software: 4

Veracode
added 2020/04/10 12:58 a.m. · 27 views

Arbitrary Code Execution

thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...

10 CVSS · 2.9 AI score · 0.05505 EPSS
Exploits: 1 · References: 20 · Affected Software: 4

Positive Technologies
added 2018/10/01 12:00 a.m. · 4 views

PT-2018-14220 · Google · X/Net/Html

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue arises from the html package mishandling certain HTML tags, such as and , leading to a "panic: runtime error" index out of range during an html.Parse call. This...

7.5 CVSS · 6 AI score · 0.02832 EPSS
Exploits: 2 · References: 16

Positive Technologies
added 2018/09/17 12:00 a.m. · 2 views

PT-2018-13923 · Google · X/Net/Html

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html through 2018-09-17 Description: The issue arises from the mishandling of specific HTML tags, such as , which can lead to a "panic: runtime error" in the inBodyIM function within parse.go during an html.Parse call...

7.5 CVSS · 6.1 AI score · 0.02772 EPSS
Exploits: 1 · References: 14

Positive Technologies
added 2018/09/16 12:00 a.m. · 4 views

PT-2018-13880 · Go · Html Package

Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions prior to 2018-07-13 Description: The issue is related to the HTML parser mishandling "in frameset" insertion mode. This can lead to a panic when parsing malformed HTML that contains tags, potentially...

7.5 CVSS · 5.9 AI score · 0.02774 EPSS
Exploits: 1 · References: 18

OSV
added 2016/01/26 7:59 p.m. · 3 views

CVE-2016-0869

Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document...

5 CVSS · 6.1 AI score · 0.01045 EPSS
Exploits: 0 · References: 2