22 matches found

Veracode
added 2024/05/27 12:09 p.m., 8 views

Cross Site Scripting (XSS)

silverstripe/framework is vulnerable to Cross Site Scripting. The vulnerability is due to improper HTML sanitisation in the Director::forceredirect method, leading to potential XSS risks during HTTP redirection...

AI score: 5.9
Exploits: 0
Vulnrichment
added 2023/09/29 5:00 a.m., 10 views

CVE-2023-26147

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. An attacker can add the \r\n carriage return and line feed characters to end the HTTP response headers and inject malicious content, like for example...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.0012
Exploits: 1 | References: 2
FreeBSD
added 2023/09/01 12:00 a.m., 29 views

mediawiki -- multiple vulnerabilities

MediaWiki reports: T264765, CVE-2023-PENDING SECURITY: Users without correct permission are incorrectly shown MediaWiki:Missing-revision-permission. T333050, CVE-2023-PENDING SECURITY: Fix infinite loop for self-redirects with variants conversion. T340217, CVE-2023-PENDING SECURITY: Vector 2022:...

CVSS: 9 | AI score: 6.2 | EPSS: 0.00185
Exploits: 1 | References: 1
OpenVAS
added 2023/05/29 12:00 a.m., 18 views

SUSE: Security Advisory (SUSE-SU-2023:2304-1)

The remote host is missing an update for the...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.01982
Exploits: 0 | References: 11
OpenVAS
added 2022/06/07 12:00 a.m., 12 views

Debian: Security Advisory (DLA-3045-1)

The remote host is missing an update for the Debian...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00309
Exploits: 1 | References: 3
Cvelist
added 2022/05/12 8:35 a.m., 13 views

CVE-2022-29929

In JetBrains TeamCity before 2022.04, potential XSS via the Referrer header was possible...

CVSS: 3.7 | AI score: 6.2 | EPSS: 0.00008
Exploits: 0 | References: 1
Tenable Nessus
added 2022/02/23 12:00 a.m., 39 views

EulerOS 2.0 SP3 : ceph-common (EulerOS-SA-2022-1157)

According to the versions of the ceph-common packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.00353
Exploits: 0 | References: 2
OpenVAS
added 2021/11/16 12:00 a.m., 17 views

Mozilla Firefox Security Advisory (MFSA2011-47) - Linux

This host is missing a security update for Mozilla Firefox...

CVSS: 4.3 | AI score: 9.6 | EPSS: 0.00338
Exploits: 0 | References: 3
Tenable Nessus
added 2020/09/14 12:00 a.m., 30 views

FreeBSD : Rails -- Potential XSS vulnerability (7b630362-f468-11ea-a96c-08002728f74c)

Ruby on Rails blog: Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can. Both releases contain the following fix: CVE-2020-15169 Potential XSS vulnerability in Action View...

CVSS: 6.1 | AI score: 7.4 | EPSS: 0.01184
Exploits: 0 | References: 6
FreeBSD
added 2020/09/09 12:00 a.m., 40 views

Rails -- Potential XSS vulnerability

Ruby on Rails blog: Rails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an important security fix, so please upgrade when you can. Both releases contain the following fix: CVE-2020-15169 Potential XSS vulnerability in Action View...

CVSS: 6.1 | AI score: 2.4 | EPSS: 0.01184
Exploits: 0 | References: 4
AlpineLinux
added 2020/04/23 12:00 a.m., 40 views

CVE-2020-1760

A flaw was found in the Ceph Object Gateway, where it supports requests sent by an anonymous user in Amazon S3. This flaw could lead to potential XSS attacks due to the lack of proper neutralization of untrusted input...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00353
Exploits: 0
Hacker One
added 2020/02/11 12:30 a.m., 17 views

Mail.ru: [geekbrains.ru] Reflected XSS via Angular Template Injection

Potential XSS due to use of Angular templates...

AI score: 3.3
Exploits: 0
Hacker One
added 2020/01/27 8:45 a.m., 14 views

Clario: CSS Injection on static.mackeeper.com - Potential XSS

Summary: CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to cross-site scripting (XSS) vulnerabilities but often trickier to exploit. Steps to reproduce the...

AI score: 0.4
Exploits: 0
Tenable Nessus
added 2019/07/05 12:00 a.m., 38 views

FreeBSD : mediawiki -- multiple vulnerabilities (3c5a4fe0-9ebb-11e9-9169-fcaa147e860e)

MediaWiki reports: Security fixes: T197279, CVE-2019-12468: Directly POSTing to Special:ChangeEmail would allow for bypassing reauthentication, allowing for potential account takeover. T204729, CVE-2019-12473: Passing invalid titles to the API could cause a DoS by querying the entire watchlist...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.01532
Exploits: 4 | References: 12
FreeBSD
added 2019/03/12 12:00 a.m., 13 views

gitea -- XSS vulnerability

Gitea Team reports: Fix potential XSS vulnerability in repository description...

AI score: 1.7
Exploits: 0 | References: 1
OSV
added 2017/07/19 3:29 p.m., 15 views

CVE-2016-5394

In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities...

CVSS: 6.1 | AI score: 6.2 | EPSS: 0.01273
Exploits: 0 | References: 2
CVE
added 2017/07/19 3:00 p.m., 62 views

CVE-2016-5394

CVE-2016-5394 concerns the Apache Sling XSS Protection API. The XSSProtection API module, before version 1.0.12, uses the encoding from XSSAPI.encodeForJSString() that is not sufficiently restrictive, allowing certain input patterns to pass unencoded and potentially enable cross-site scripting. T...

CVSS: 6.1 | AI score: 6 | EPSS: 0.01273
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2014/06/13 12:00 a.m., 35 views

openSUSE Security Update : MozillaFirefox / MozillaThunderbird / seamonkey / etc (openSUSE-SU-2012:0567-1)

Changes in xulrunner: - update to 12.0 bnc758408 - rebased patches - MFSA 2012-20/CVE-2012-0467/CVE-2012-0468 Miscellaneous memory safety hazards - MFSA 2012-22/CVE-2012-0469 bmo738985 use-after-free in IDBKeyRange - MFSA 2012-23/CVE-2012-0470 bmo734288 Invalid frees cause heap corruption in...

CVSS: 10 | AI score: 8.4 | EPSS: 0.75876
Exploits: 18 | References: 53
Tenable Nessus
added 2014/05/29 12:00 a.m., 11 views

Fedora 19 : php-ZendFramework2-2.2.7-1.fc19 (2014-6530)

2.2.7 2014-04-015 SECURITY UPDATES - ZF2014-03: Potential XSS vector in multiple view helpers due to inappropriate HTML attribute escaping. Many view helpers were using the escapeHtml view helper in order to escape HTML attributes. This release patches them to use the escapeHtmlAttr view helper i...

AI score: 5.4
Exploits: 0 | References: 1
Tenable Nessus
added 2012/06/20 12:00 a.m., 20 views

RHEL 6 : php-pecl-apc (RHSA-2012:0811)

The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0811 advisory. - php-pecl-apc: potential XSS in apc.php (CVE-2010-3294) Note that Nessus has not tested for this issue but has instead relied only on the application'...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.0048
Exploits: 0 | References: 5