365 matches found
NocoDB Allows Preview of Files with Dangerous Content
Summary --- Attacker can upload a html file with malicious content. If user tries to open that file in browser malicious scripts can be executed leading Stored XSSCross-Site Script attack. PoC --- NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 currentl...
IBM App Connect Enterprise HTML Injection Vulnerability
IBM App Connect Enterprise combines the existing industry-trusted technology of IBM Integration Bus with IBM App Connect Professional and cloud technology. It provides a platform that supports the comprehensive integration needs of the modern digital enterprise. IBM App Connect Enterprise suffers...
Setuptools: Denial of Service
Background Setuptools is a manager for Python packages. Description A vulnerability has been discovered in Setuptools. See the impact field. Impact An inefficiency in a regular expression may end in a denial of service if an user is fetching malicious HTML from a package in PyPI or a custom...
CVE-2023-25200
The CVE-2023-25200 entry concerns MT Safeline X-Ray X3310 Webserver NXG 19.05 with an HTML injection vulnerability that can cause a remote attacker to render malicious HTML in a victim's browser and access sensitive information. Red Hat and other sources describe it as an HTML injection/XSS issue...
MT Safeline X-Ray X3310 安全漏洞
MT Safeline X-Ray X3310 is an application from MT Safeline, Inc. A security vulnerability exists in MT Safeline X-Ray X3310 version 19.05. An attacker can exploit the vulnerability to render malicious HTML and obtain sensitive information from the victim's browser...
CVE-2023-25200
An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser...
CVE-2024-24906
Dell Secure Connect Gateway SCG Policy Manager, all versions, contains a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...
langchain Server-Side Request Forgery vulnerability
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
CVE-2024-0243
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
LangChain Code Issues Vulnerabilities
LangChain is building applications using LLM through composability. LangChain is vulnerable to a code issue. An attacker could use this vulnerability to place a malicious HTML file with a link such as "https://example.completely.different/myfile.html" in it, allowing the crawler to continue...
CVE-2024-0243 Server-side Request Forgery In Recursive URL Loader
With the following crawler configuration: python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader url=url, maxdepth=2, extractor=lambda x: Soupx, "html.parser".text docs = loader.load An attacker in control of the contents of https://example.com could...
PT-2024-15407 · Langchain Ai · Langchain
Name of the Vulnerable Software and Affected Versions: langchain versions prior to the version that includes the fix from https://github.com/langchain-ai/langchain/pull/15559 Description: The issue arises when an attacker controls the contents of a website, such as https://example.com, and places...
CVE-2024-24593
A cross-site request forgery CSRF vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to...
PYSEC-2024-128
Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious...
CVE-2024-22876
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting XSS in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL...
Cross site scripting
StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting XSS in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL...
Design/Logic Flaw
The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site...
CVE-2023-6627 WP Go Maps < 9.0.28 - Unauthenticated Stored XSS
The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site...
CVE-2023-6627 WP Go Maps < 9.0.28 - Unauthenticated Stored XSS
The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site...
CVE-2023-48642
Archer Platform 6.x before 6.13 P2 6.13.0.2 contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through...