357 matches found
GHSA-CMV8-6362-R5W9 Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. The attacker creates a workflow that produces an HTML artifact containing an HTML file with a script that uses XHR calls to interact with the Argo Server API. The attacker...
Features file injection vulnerability
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
GHSA-42GQ-H7XJ-33R4 Features file injection vulnerability
File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory...
CVE-2022-26947
Archer 6.x through 6.9 SP3 6.9.3.0 contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the...
swagger-ui-dist security vulnerability
swagger-ui-dist is a module that exposes the entire dist folder of Swagger-UI as a dependency-free npm module. A security vulnerability exists in Node.js swagger-ui-dist versions prior to 4.1.3, which stems from a lack of effective filtering and validation of html code. An attacker can write...
GHSA-72WF-HWCQ-65H9 Cross-Site Request Forgery in Filebrowser
A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowser 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim...
CVE-2021-43441
An HTML injection vulnerability in iOrder 1.0 allows a remote attacker to execute malicious HTML code via the signup form...
Cross site scripting
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues...
Code Injection in tsolucio/corebos
Description: The user can control a point and infuse arbitrary HTML code into a vulnerable web page. This vulnerability can have numerous results, like disclosure of a user’s session treats that might be utilized to impersonate the victim, or, more generally, it can permit the aggressor to alter t...
CVE-2021-24563
The Frontend Uploader WordPress plugin through 1.3.2 does not prevent HTML files from being uploaded via its form, allowing an unauthenticated user to upload a malicious HTML file containing JavaScript, for example, which will be triggered when someone accesses the file directly...
Denial Of Service (DoS)
chromium is vulnerable to denial of service. An attacker is able to crash the system by exploiting a heap corruption via a maliciously crafted HTML page...
Cross site scripting
The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its settings, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues...
Eclipse Theia access control error vulnerability
Eclipse Theia is the Eclipse Foundation's suite of open source Integrated Development Environment frameworks for desktop and web applications based on Visual Studio Code. An access control error vulnerability exists in Eclipse Theia versions 0.3.9 through 1.8.1, which stems from a "mini-browser"...
Arbitrary Code Execution
chrome is vulnerable to arbitrary code execution. A type confusion in V8 in Google Chrome allows a remote attacker to execute arbitrary code inside a sandbox via a malicious HTML page...
CVE-2021-21577
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link...
Cross site scripting
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link...
Cross site scripting
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link...
Backdoor.Win32.Zombam.gen Cross Site Scripting
Discovery / credits: Malvuln - malvuln.com (c) 2021. Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404.txt. Contact: [email protected]. Media: twitter.com/malvuln. Threat: Backdoor.Win32.Zombam.gen. Vulnerability: Cross Site Scripting (XSS). Description: Zombam malware listen...