Lucene search
K

171 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:24 a.m.7 views

CVE-2023-52194

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:1 a.m.6 views

CVE-2023-36459

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview...

9.3CVSS5.8AI score0.01093EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 a.m.9 views

CVE-2019-9870

plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...

9.8CVSS7AI score0.01846EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/16 5:11 p.m.13 views

CVE-2025-47702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...

6.1CVSS6.5AI score0.00195EPSS
Exploits0References3
OSV
OSV
added 2025/05/14 5:15 p.m.4 views

CVE-2025-47702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References1
NVD
NVD
added 2025/05/14 5:15 p.m.10 views

CVE-2025-47702

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...

6.1CVSS0.00195EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/14 5:1 p.m.7 views

CVE-2025-47702 oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...

6.4AI score0.00195EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 5:1 p.m.14 views

CVE-2025-47702 oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting XSS.This issue affects oEmbed Providers: from 0.0.0 before 2.2.2...

0.00195EPSS
Exploits0References1
CVE
CVE
added 2025/05/14 5:1 p.m.39 views

CVE-2025-47702

Drupal oEmbed Providers module is affected by an XSS vulnerability from improper input neutralization during web page generation. Affected versions are 0.0.0 through 2.2.1; update to 2.2.2 or later to resolve. Several sources describe this as unauthenticated XSS impacting Drupal oEmbed Providers.

6.1CVSS6.4AI score0.00195EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.6 views

PT-2025-21190 · Unknown · Oembed Providers

Name of the Vulnerable Software and Affected Versions: oEmbed Providers versions 0.0.0 through 2.2.1 Description: The issue affects oEmbed Providers, allowing Cross-Site Scripting XSS due to improper neutralization of input during web page generation. Recommendations: For versions 0.0.0 through...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.5 views

Drupal oEmbed Providers 跨站脚本漏洞

Drupal oEmbed Providers is a module plugin in the Drupal content management system from the Drupal community. A cross-site scripting vulnerability exists in Drupal oEmbed Providers versions prior to 2.2.2 that stems from improper input neutralization and could lead to a cross-site scripting attac...

6.1CVSS6AI score0.00195EPSS
Exploits0References2
OSV
OSV
added 2025/05/07 5:6 p.m.6 views

DRUPAL-CONTRIB-2025-048

This module extends the core Media module and allows site creators to permit oEmbed providers in addition to YouTube and Vimeo, which are deemed trustworthy by the Drupal Security Team. The module doesn't sufficiently mark its administrative permission as restricted, creating the possibility for...

6.1CVSS6AI score0.00195EPSS
Exploits0References1
Drupal
Drupal
added 2025/05/07 12:0 a.m.36 views

oEmbed Providers - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-048

This module extends the core Media module and allows site creators to permit oEmbed providers in addition to YouTube and Vimeo, which are deemed trustworthy by the Drupal Security Team. The module doesn't sufficiently mark its administrative permission as restricted, creating the possibility for...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/05/07 12:0 a.m.5 views

Drupal oEmbed Providers module < 2.2.2 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module oEmbed Providers versions 2.2.2...

6.1CVSS6.1AI score0.00195EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.5 views

WordPress plugin Uncode 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...

7.5CVSS8.9AI score0.0058EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/02/17 10:25 p.m.5 views

WordPress Uncode plugin <= 2.9.1.6 - Unauthenticated Arbitrary File Read in uncode_admin_get_oembed vulnerability

Unauthenticated Arbitrary File Read in uncodeadmingetoembed vulnerability discovered by mikemyers in WordPress Theme Uncode versions = 2.9.1.6...

7.5CVSS7AI score0.0058EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/01/14 11:15 p.m.12 views

CVE-2024-47605

silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payloa...

5.4CVSS0.01108EPSS
Exploits2References3
Snyk
Snyk
added 2025/01/14 10:18 p.m.2 views

Cross-site Scripting (XSS)

Overview silverstripe/framework is a PHP framework forming the base for the SilverStripe CMS. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the insert media functionality where the linked oEmbed JSON includes an HTML attribute which replaces the embed shortcode...

5.4CVSS5.6AI score0.01108EPSS
Exploits2References2
OSV
OSV
added 2025/01/14 10:18 p.m.7 views

GHSA-7CMP-CGG8-4C82 Silverstripe Framework has a XSS via insert media remote file oembed

Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...

5.4CVSS5.4AI score0.01108EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2025/01/14 10:18 p.m.15 views

Silverstripe Framework has a XSS via insert media remote file oembed

Impact When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website...

5.4CVSS6.7AI score0.01108EPSS
Exploits2References6Affected Software1
Rows per page
Query Builder