Lucene search
K

365 matches found

Github Security Blog
Github Security Blog
added 2024/05/13 4:46 p.m.30 views

NocoDB Allows Preview of Files with Dangerous Content

Summary --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSSCross-Site Script attack. PoC --- NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 currentl...

5.7CVSS5.6AI score0.00574EPSS
Exploits1References3Affected Software1
CNVD
CNVD
added 2024/05/13 12:0 a.m.7 views

IBM App Connect Enterprise HTML Injection Vulnerability

IBM App Connect Enterprise combines the existing industry-trusted technology of IBM Integration Bus with IBM App Connect Professional and cloud technology. It provides a platform that supports the comprehensive integration needs of the modern digital enterprise. IBM App Connect Enterprise suffers...

5.4CVSS6.9AI score0.0033EPSS
Exploits0References1
Gentoo Linux
Gentoo Linux
added 2024/05/05 12:0 a.m.31 views

Setuptools: Denial of Service

Background Setuptools is a manager for Python packages. Description A vulnerability has been discovered in Setuptools. See the impact field. Impact An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom...

5.9CVSS8.7AI score0.02617EPSS
Exploits1
CVE
CVE
added 2024/04/04 12:0 a.m.60 views

CVE-2023-25200

The CVE-2023-25200 entry concerns MT Safeline X-Ray X3310 Webserver NXG 19.05 with an HTML injection vulnerability that can cause a remote attacker to render malicious HTML in a victim's browser and access sensitive information. Red Hat and other sources describe it as an HTML injection/XSS issue...

4.7CVSS6.5AI score0.00432EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/04/04 12:0 a.m.3 views

MT Safeline X-Ray X3310 安全漏洞

MT Safeline X-Ray X3310 is an application from MT Safeline, Inc. A security vulnerability exists in MT Safeline X-Ray X3310 version 19.05. An attacker can exploit the vulnerability to render malicious HTML and obtain sensitive information from the victim's browser...

5.4CVSS6.1AI score0.00432EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/04 12:0 a.m.11 views

CVE-2023-25200

An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser...

6.8AI score0.00432EPSS
Exploits0References1
NVD
NVD
added 2024/03/01 1:15 p.m.20 views

CVE-2024-24906

Dell Secure Connect Gateway SCG Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

7.6CVSS6.7AI score0.00422EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/02/26 6:30 p.m.22 views

langchain Server-Side Request Forgery vulnerability

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

8.1CVSS4AI score0.00517EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2024/02/26 4:27 p.m.9 views

CVE-2024-0243

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

8.1CVSS4AI score0.00517EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.4 views

LangChain Code Issues Vulnerabilities

LangChain is building applications using LLM through composability. LangChain is vulnerable to a code issue. An attacker could use this vulnerability to place a malicious HTML file with a link such as "https://example.completely.different/myfile.html" in it, allowing the crawler to continue...

8.1CVSS7AI score0.00517EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/02/24 5:59 p.m.18 views

CVE-2024-0243 Server-side Request Forgery In Recursive URL Loader

With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...

3.7CVSS4.3AI score0.00517EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/02/24 12:0 a.m.4 views

PT-2024-15407 · Langchain Ai · Langchain

Name of the Vulnerable Software and Affected Versions: langchain versions prior to the version that includes the fix from https://github.com/langchain-ai/langchain/pull/15559 Description: The issue arises when an attacker controls the contents of a website, such as https://example.com, and places...

8.1CVSS4.5AI score0.00517EPSS
Exploits1References11
OSV
OSV
added 2024/02/06 3:15 p.m.4 views

CVE-2024-24593

A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...

8.8CVSS5.7AI score
Exploits0References1
PyPA
PyPA
added 2024/01/24 12:15 a.m.6 views

PYSEC-2024-128

Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...

6.1CVSS7.2AI score0.00592EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/01/19 2:15 p.m.1 views

CVE-2024-22876

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting XSS in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL...

5.4CVSS5.8AI score0.00289EPSS
Exploits0References1
Prion
Prion
added 2024/01/19 2:15 p.m.28 views

Cross site scripting

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting XSS in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL...

4.9CVSS6.3AI score0.00289EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2024/01/08 7:15 p.m.20 views

Design/Logic Flaw

The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site...

5.8CVSS7AI score0.00619EPSS
Exploits2References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/08 7:0 p.m.2 views

CVE-2023-6627 WP Go Maps < 9.0.28 - Unauthenticated Stored XSS

The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site...

6.4AI score0.00619EPSS
Exploits2References2
Cvelist
Cvelist
added 2024/01/08 7:0 p.m.30 views

CVE-2023-6627 WP Go Maps < 9.0.28 - Unauthenticated Stored XSS

The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site...

6.4AI score0.00619EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2023/12/12 8:15 a.m.2 views

CVE-2023-48642

Archer Platform 6.x before 6.13 P2 6.13.0.2 contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...

5.4CVSS5.9AI score0.00463EPSS
Exploits0References2
Rows per page
Query Builder