Lucene search
+L

99 matches found

CNNVD
CNNVD
added 2024/08/16 12:0 a.m.5 views

RichText Field Type 安全漏洞

RichText Field Type is an open source application from Ibexa. A security vulnerability exists in RichText Field Type versions prior to 4.6.10 that stems from the validator of RichText Field Type blocking javascript: and vbscript: in links to prevent cross-site scripting attacks. However, this che...

7.2CVSS5.8AI score0.00367EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/08/15 11:17 p.m.27 views

CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

7.2CVSS0.00367EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/08/15 11:17 p.m.17 views

CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

7.2CVSS6.9AI score0.00367EPSS
Exploits0References5
CVE
CVE
added 2024/08/15 11:17 p.m.58 views

CVE-2024-43369

CVE-2024-43369 affects Ibexa (ezplatform) RichText Field Type prior to 4.6.10. The validator blocked javascript: and vbscript: in links but could be bypassed with uppercase/case variants, enabling persistent XSS for users with content-editing permissions (typically Editor+). The issue is mitigate...

7.2CVSS6.9AI score0.00367EPSS
Exploits0References5
OSV
OSV
added 2024/08/15 11:17 p.m.12 views

CVE-2024-43369 Persistent Cross-site Scripting in Ibexa RichText Field Type

Ibexa RichText Field Type is a Field Type for supporting rich formatted text stored in a structured XML format. In versions on the 4.6 branch prior to 4.6.10, the validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open,...

7.2CVSS6.3AI score0.00367EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2024/08/14 6:8 p.m.29 views

Persistent Cross-site Scripting in eZ Platform Rich Text Field Type

Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...

7.2CVSS7.2AI score0.00367EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2024/08/14 6:8 p.m.19 views

GHSA-RHM7-7469-RCPW Persistent Cross-site Scripting in eZ Platform Rich Text Field Type

Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...

7.2CVSS6.8AI score0.00367EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2024/08/14 6:8 p.m.18 views

Persistent Cross-site Scripting in Ibexa RichText Field Type

Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...

7.2CVSS6.8AI score0.00367EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/08/14 6:8 p.m.10 views

GHSA-HVCF-6324-CJH7 Persistent Cross-site Scripting in Ibexa RichText Field Type

Impact The validator for the RichText fieldtype blocklists javascript: and vbscript: in links to prevent XSS. This can leave other options open, and the check can be circumvented using upper case. Content editing permissions for RichText content is required to exploit this vulnerability, which...

7.2CVSS6.8AI score0.00367EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/06/24 11:50 a.m.2 views

Malicious code in kami-richtext (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9634fe3bee06c80f43ca27ad558c4834386dc1bb31779583c7911b679f550bff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/06/24 11:50 a.m.8 views

MAL-2024-1662 Malicious code in kami-richtext (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9634fe3bee06c80f43ca27ad558c4834386dc1bb31779583c7911b679f550bff Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2023/10/19 7:15 p.m.3 views

coderedcms (>=2.0.0 <=2.1.4), puput (=1.2.0) +31 more potentially affected by CVE-2023-45809 via wagtail (>=4.2.4 <=5.0.0rc1)

wagtail PYPI version =4.2.4, =2.0.0, =0.1.0, =0.3.4, =0.0.1, =1.6.0, =0.18.0, =0.19.2 - wagtail-hallo =0.3.0 - wagtail-images-deduplicator =1.0.0a1 and more Source cves: CVE-2023-45809 Source advisory: OSV:PYSEC-2023-219...

2.7CVSS5.8AI score0.00454EPSS
Exploits0
Hacker One
Hacker One
added 2023/04/03 12:58 p.m.40 views

Reddit: RichText parser vulnerability in scheduled posts allows XSS

Hyperlinks were not being filtered on the server-side in Reddit's scheduled post feature, allowing an attacker to modify a request with a normal hyperlink that embeds a malicious link using a javascript scheme. This could result in an XSS attack if an admin clicked on the malicious link while...

6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 6:12 a.m.4 views

SUSE CVE-2007-1282

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line...

9.3CVSS9.7AI score0.04691EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:56 a.m.3 views

SUSE CVE-2010-4071

Cross-site scripting XSS vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail...

2.6CVSS6AI score0.01891EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:21 p.m.2 views

Malicious code in @bf-ui-library/richtext (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6f8eca6486a986ffa6a1485a09fcd040b4b868cf477e36a31ffaf282abbe266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:21 p.m.5 views

MAL-2022-118 Malicious code in @bf-ui-library/richtext (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a6f8eca6486a986ffa6a1485a09fcd040b4b868cf477e36a31ffaf282abbe266 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2022/01/18 11:15 p.m.2 views

DEBIAN-CVE-2022-21690

OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions The path parameter of the requested URL is not sanitized before being passed to the QT frontend. This path is used in all componen...

5.4CVSS6.5AI score0.00789EPSS
Exploits1References1
Veracode
Veracode
added 2021/12/02 11:58 a.m.11 views

Cross-Site Scripting (XSS)

ezsystems/ezplatform-richtext is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in custom tags allowing an attacker to inject and execute malicious javascript...

2.7AI score
Exploits0
OSV
OSV
added 2021/12/01 6:28 p.m.12 views

GHSA-9JP8-CWWX-P64Q XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext

The rich text editor does not escape attribute data when previewing custom tags. This means XSS is possible if custom tags are used, for users who have access to editing rich text content. Frontend content view is not affected, but the vulnerability could be used by editors to attack other editor...

6.1AI score
Exploits0References3
Rows per page
Query Builder