6686 matches found

RedhatCVE · added 2025/02/05 9:41 p.m. · 9 views

CVE-2022-24718

ssr-pages is an HTML page builder for server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when untrusted input is provided to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

CVSS 7.6 · AI score 6.5 · EPSS 0.01113
Exploits 0 · References 1

RedhatCVE · added 2025/02/05 8:25 p.m. · 9 views

CVE-2022-31127

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass crafted input containing malicious HTML to the e-mail sign-in endpoint, tricking the e-mail server into sending it to the user, so that they can perform a phishing attack. E.g.:...

CVSS 7.1 · AI score 6.6 · EPSS 0.00901
Exploits 1 · References 1

RedhatCVE · added 2025/02/05 8:24 p.m. · 7 views

CVE-2022-31176

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels and dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

CVSS 8.3 · AI score 6.7 · EPSS 0.0087
Exploits 0 · References 1

RedhatCVE · added 2025/02/05 2:56 p.m. · 7 views

CVE-2020-15092

In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Mos...

CVSS 7.2 · AI score 5.7 · EPSS 0.0106
Exploits 0

RedhatCVE · added 2025/02/05 7:29 a.m. · 6 views

CVE-2024-23345

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that suppo...

CVSS 7.1 · AI score 5.7 · EPSS 0.00433
Exploits 0 · References 1

OSV · added 2025/02/05 7:29 a.m. · 10 views

BIT-SUPERSET-2022-43717 Apache Superset: Cross-Site Scripting on dashboards

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

CVSS 5.4 · AI score 5 · EPSS 0.0124
Exploits 0 · References 2

NVD · added 2025/01/30 3:15 p.m. · 5 views

CVE-2024-53615

A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...

CVSS 6.5 · EPSS 0.01311
Exploits 1 · References 1

Vulnrichment · added 2025/01/30 12:00 a.m. · 6 views

CVE-2024-53615

A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...

AI score 7 · EPSS 0.01311
Exploits 1 · References 1

CNNVD · added 2025/01/30 12:00 a.m. · 2 views

DOJO access control error vulnerability

DOJO is an open source JavaScript toolkit from pwn.college. DOJO has an access control error that stems from missing access control when rendering a customized DOJO page, allowing a user to create a stored cross-site scripting (XSS) vulnerability...

CVSS 7.6 · AI score 5.6 · EPSS 0.00233
Exploits 0 · References 1

Cvelist · added 2025/01/30 12:00 a.m. · 16 views

CVE-2024-53615

A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file...

EPSS 0.01311
Exploits 1 · References 1

Positive Technologies · added 2025/01/29 12:00 a.m. · 4 views

PT-2025-4863 · Unknown · Exif Viewer Classic

Name of the vulnerable software and affected versions: EXIF Viewer Classic versions 2.3.2 through 2.4.0.
Description: The issue is caused by improper handling of EXIF metadata, leading to a cross-site scripting vulnerability. When an image is rendered and crafted EXIF metadata is processed, an...

CVSS 6.1 · AI score 6.7 · EPSS 0.00347
Exploits 0 · References 8

Veracode · added 2025/01/24 4:33 a.m. · 13 views

Cross-Site Scripting (XSS)

KaTeX is vulnerable to cross-site scripting (XSS). The vulnerability is due to insufficient sanitization of input. When users render untrusted mathematical expressions using renderToString, malicious input containing \htmlData can bypass validation, allowing the execution of arbitrary JavaScrip...

CVSS 7.2 · AI score 6.4 · EPSS 0.00381
Exploits 0 · References 3 · Affected software 1

NVD · added 2025/01/24 3:15 a.m. · 8 views

CVE-2025-0314

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting...

CVSS 8.7 · EPSS 0.00365
Exploits 0 · References 2

OSV · added 2025/01/24 3:15 a.m. · 1 view

UBUNTU-CVE-2025-0314

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting...

CVSS 8.7 · AI score 5.4 · EPSS 0.00365
Exploits 0 · References 4

OSV · added 2025/01/24 2:30 a.m. · 11 views

CVE-2025-0314 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting...

CVSS 8.7 · AI score 6.1 · EPSS 0.00365
Exploits 0 · References 5

CNNVD · added 2025/01/24 12:00 a.m. · 3 views

GitLab cross-site scripting vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. A cross-site scripting vulnerability exists in GitLab CE/EE, which stems from...

CVSS 8.7 · AI score 6 · EPSS 0.00365
Exploits 0 · References 4

Fedora · added 2025/01/23 1:45 a.m. · 9 views

[SECURITY] Fedora 41 Update: webkit2gtk4.0-2.46.5-1.fc41

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2...

CVSS 7.5 · AI score 7.3 · EPSS 0.01564
Exploits 0

CNNVD · added 2025/01/23 12:00 a.m. · 4 views

LunaSVG security vulnerability

LunaSVG is a standalone SVG rendering library written in C++ by the individual developer Samuel Ugochukwu. A security vulnerability exists in LunaSVG version v3.0.0: a segmentation violation was found in the component plutovgblend...

CVSS 6.5 · AI score 6.6 · EPSS 0.00334
Exploits 1 · References 3

CNNVD · added 2025/01/23 12:00 a.m. · 4 views

LunaSVG security vulnerability

LunaSVG is a standalone SVG rendering library written in C++. A security vulnerability exists in LunaSVG: a segmentation violation was found in the component compositionsourceover. No further vulnerability details are provided at this time...

CVSS 6.5 · AI score 6.8 · EPSS 0.00334
Exploits 1 · References 3

OSV · added 2025/01/21 9:17 p.m. · 9 views

GHSA-QWJ6-Q94F-8425 MathLive's Lack of Escaping of HTML allows for XSS

Summary: Although normal text is rendered as LaTeX expressions, preventing XSS, the library also provides commands that can modify HTML, such as the \htmlData command, and the lack of escaping leads to XSS.
Details: Overall in the code, other than in the test folder, no functions escaping...

CVSS 6.3 · AI score 7.2 · EPSS 0.00486
Exploits 0 · References 4