Lucene search
+L

69 matches found

Huntr
Huntr
added 2022/08/19 5:53 p.m.29 views

Persistent Cross Site Scripting - LayoutEditor Module - Settings

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On LayoutEditor module from Settings, the type of fieldModel-label parameter is "Text" but it is not validated and it's used directly without any encoding or validation on LayoutEditor/EditField.tpl. It...

4.9CVSS5.5AI score0.00529EPSS
Exploits1
Huntr
Huntr
added 2022/08/19 5:49 p.m.26 views

Persistent Cross-site Scripting - SlaPolicy Module - Settingss

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On SlaPolicy module from Settings, the type of recordModel-name parameter is "Text" but it is not validated and it's used directly without any encoding or validation on SlaPolicy/EditViewBlocks.tpl. It...

4.9CVSS1.2AI score0.00512EPSS
Exploits1
Huntr
Huntr
added 2022/08/19 5:45 p.m.25 views

Persistent Cross Site Scripting - Workflow Module - Settings

Description The application uses Purifier to avoid the Cross Site Scripting attack. However, On Workflow module from Settings, the type of workflowModel-summary parameter is not defined and validated, it's used directly without any encoding or validation on Workflows/Step1.tpl and...

4.9CVSS0.1AI score0.00512EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/08/06 5:21 a.m.6 views

aclients (>=1.0.0b31 <=1.0.1b1), aiocqhttp-sanic (>=1.2.3 <=1.2.3rc1) +71 more potentially affected by CVE-2022-35920 via sanic (>=0.3.1 <=20.12.2)

sanic PYPI version =0.3.1, =1.0.0b31, =1.2.3, =0.1.0a6, =0.6.1, =0.39.0, =0.0.4, =0.8.0, =0.0.2, =0.0.2.8.5 and more Source cves: CVE-2022-35920 Source advisory: OSV:GHSA-8CW9-5HMV-77W6...

8.3CVSS7.1AI score0.00919EPSS
Exploits1
OSV
OSV
added 2022/05/17 5:49 a.m.22 views

GHSA-6RM6-MJMH-86JQ HTML Purifier Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.3AI score0.02008EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2022/05/17 5:49 a.m.17 views

HTML Purifier Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.3AI score0.02008EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/05/17 5:31 a.m.5 views

GHSA-JW86-5CJF-MV79 HTML Purifier allows remote attackers to obtain sensitive information

HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files...

6.9CVSS5.9AI score0.01372EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/05/17 5:31 a.m.16 views

HTML Purifier allows remote attackers to obtain sensitive information

HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files...

5CVSS6.5AI score0.01372EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/05/13 1:7 a.m.26 views

GHSA-3P68-M5QW-9G9W HTML Purifier cross-site scripting (XSS) vulnerability

Multiple cross-site scripting XSS vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 background-image, 2 background, or 3 font-family Cascading Style Sheets CSS property, a different...

4.3CVSS5.2AI score0.00902EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/13 1:7 a.m.30 views

HTML Purifier cross-site scripting (XSS) vulnerability

Multiple cross-site scripting XSS vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted 1 background-image, 2 background, or 3 font-family Cascading Style Sheets CSS property, a different...

4.3CVSS5.3AI score0.00902EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2022/05/01 6:14 p.m.8 views

GHSA-6FH7-FWQJ-MV49 HTML Purifier Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped printr output."...

6.1CVSS5.6AI score0.01033EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/01 6:14 p.m.17 views

HTML Purifier Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in smoketests/configForm.php in HTML Purifier before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "unescaped printr output."...

4.3CVSS6AI score0.01033EPSS
Exploits0References7Affected Software1
Akamai Blog
Akamai Blog
added 2020/09/25 1:0 p.m.67 views

Fighting Smoke with Open Source

I'm a developer advocate at Akamai and a huge proponent for the open source initiative. So, today I am going to tell you a story of how a regular person like you or me can make an impact with just a little bit of goodwill, and a pinch of open source. Early morning on August 16, around 2,500...

0.3AI score
Exploits0
Hacker One
Hacker One
added 2016/10/11 7:59 a.m.349 views

Nextcloud: URI scheme bypass in mail app lead to HTML content spoof and opener control

Bug When we load a HTML mail from mailbox via api, etc http://nextcloud/index.php/apps/mail/accounts//folders/SU5CT1g=/messages//html Our content will be passed to HTML Purifier to strip malicious XSS patterns. After that, an filter will apply to transform acceptable URI schemes http, https, ftp,...

Exploits0
seebug.org
seebug.org
added 2014/10/24 12:0 a.m.27 views

TinyRise 最新版注射获取敏感信息

简要描述: TinyRise 最新版注射获取敏感信息 详细说明: 主要问题出在filterclass.php: public static function text$str $config = HTMLPurifierConfig::createDefault; $cachedir=Tiny::getPath'cache'."/htmlpurifier/"; if!fileexists$cachedir File::mkdir$cachedir; $config = HTMLPurifierConfig::createDefault; //配置 缓存目录...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/09/19 12:0 a.m.116 views

TinyShop SQL注入(开启GPC,绕过过滤)

简要描述: 之前的都是找程序员的疏忽,这个位置是绕过程序的防注入。 详细说明: 环境: GPC = On public static function sql$str //过滤函数 if !getmagicquotesgpc //gpc off 就转义,把之前那个奇葩的漏洞补了 //不使用主要是因为,先有mysql的连接 //$str = mysqlrealescapestring$str; $str = addslashes$str; $str =...

7AI score
Exploits0
Fedora
Fedora
added 2014/08/23 1:58 a.m.14 views

[SECURITY] Fedora 19 Update: php-htmlpurifier-htmlpurifier-4.6.0-1.fc19

Standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code better known as XSS with a thoroughly audited, secure yet permissive white list, it will also make sure your documents are standards compliant, something only achievable with a...

1.4AI score
Exploits0
Fedora
Fedora
added 2014/08/23 1:56 a.m.13 views

[SECURITY] Fedora 20 Update: php-htmlpurifier-htmlpurifier-4.6.0-1.fc20

Standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code better known as XSS with a thoroughly audited, secure yet permissive white list, it will also make sure your documents are standards compliant, something only achievable with a...

1.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/08/23 12:0 a.m.28 views

Fedora 19 : php-htmlpurifier-htmlpurifier-4.6.0-1.fc19 (2014-9379)

HTML Purifier 4.6.0 is a major security release, fixing numerous bad quadratic asymptotics in HTML Purifier's core algorithms. Most users will see a decent speedup on large inputs, although small inputs may take longer. Additionally, the secure URI munging algorithm has changed to do a proper HMA...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/08/23 12:0 a.m.18 views

Fedora 20 : php-htmlpurifier-htmlpurifier-4.6.0-1.fc20 (2014-9361)

HTML Purifier 4.6.0 is a major security release, fixing numerous bad quadratic asymptotics in HTML Purifier's core algorithms. Most users will see a decent speedup on large inputs, although small inputs may take longer. Additionally, the secure URI munging algorithm has changed to do a proper HMA...

5.5AI score
Exploits0References2
Rows per page
Query Builder