19 matches found
Cross-site Scripting (XSS)
Overview @nuxt/devtools is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper sanitization of error messages on the DevTools authentication page. An attacker can extract authentication tokens by tricking a user into interacting with maliciously crafted...
EUVD-2019-5229
Malware in sbrugna...
EUVD-2022-1838
Malicious code in bioql PyPI...
EUVD-2021-29030
Malicious code in bioql PyPI...
git security update
2.47.1-2 - add the option to sanitize sideband channel messages - Resolves: RHEL-84513...
USN-7430-1 dino-im vulnerability
Kim Alvefur discovered that Dino did not correctly sanitize certain messages. A remote attacker could possibly use this issue to leak sensitive information...
Cross-site Scripting (XSS)
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to insufficient sanitization of error messages. An attacker can inject malicious scripts that are executed in the context of the user's browser session. Details Cross-si...
BIT-MOODLE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
Information Disclosure
github.com/grafana/google-sheets-datasource is vulnerable to Information Disclosure. The vulnerability is due to improper error message sanitization in googlesheets.go during the client.GetSpreadsheet function call. This potentially exposes the Google Sheet API-key that is configured for the data...
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
CVE-2020-1691
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting...
MediaWiki cross-site scripting vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from...
Design/Logic Flaw
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated...
PT-2020-6653 · Unknown · Dropwizard-Validation
Name of the Vulnerable Software and Affected Versions: Dropwizard-Validation versions prior to 1.3.19 Dropwizard-Validation versions prior to 2.0.2 Description: The issue allows arbitrary code execution on the host system with the privileges of the Dropwizard service account by injecting arbitrar...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3, 3.1.1 through 3.4.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to the way error messages perform...
CVE-2019-1273
A cross-site scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'...
CVE-2018-8474
A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync...
Fedora 19 : mediawiki-1.21.2-1.fc19 (2013-15984)
SECURITY: Fix extension detection with 2 .'s - SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. - SECURITY: Sanitize ResourceLoader exception messages - Purge upstream caches when deleting file assets. - Unit test suite...
KDE KMail 1.7.1 - HTML EMail Remote Email Content Spoofing
source: https://www.securityfocus.com/bid/13085/info A remote email message content spoofing vulnerability affects KDE KMail. This issue is due to a failure of the application to properly sanitize HTML email messages. An attacker may leverage this issue to spoof email content and various header...