9 matches found
Astra Linux – Vulnerability in symfony
Symfony is a PHP framework for web and console applications, along with a set of reusable PHP components. Starting from versions 2.0.0, 5.0.0, and 6.0.0, and before versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension used is_safe=html, but they did not actually ensure that their...
Linux Distros Unpatched Vulnerability : CVE-2023-1932
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be...
UBUNTU-CVE-2023-1932
A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render the invalid HTML, allowing HTML injection or...
GHSA-R68H-JHHJ-9JVM Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Impact The Validator.isValidSafeHTML method can result in false negatives, where it reports some input as safe (i.e., returns true) but it really isn't, and using that same input as-is can in certain circumstances result in XSS vulnerabilities. Because this method cannot be fixed, it is being deprecat...
hibernate-validator: safeHTML validator allows XSS
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...
DEBIAN-CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack...
XDCMS Enterprise Management System SQL #3
Brief description: rt
Detailed description:
public function editsave() {
    $this->memberinfo;
    $userid = intval(Cookie::getcookie('memberuserid'));
    $fields = $_POST['fields'];
    $fieldsql = '';
    foreach ($fields as $k => $v) {
        $fvalue = $v;
        if (is_array($v)) $fvalue = implode(',', $v);
        $fieldsql .= ",$k='" . safehtml($fvalue) . "'";
    }
    $fieldsql = substr($fieldsql, 1);
    ...
XDcms Sql Injection 6-10
Brief description: Sql Injection
Detailed description: The injection is in the content-editing area of the XDCMS Enterprise Management System backend, in the file \system\modules\xdcms\content.php. This one is in the edit handler; the function involved is editsave:
public function editsave() {
    $title = safehtml($_POST['title']); // first injection point: the title field; safehtml is the filter rule set and can be bypassed with uppercase to inject
    $commend = intval($_POST['commend']);
    $username = safehtml($_POST['username']); // second injection point: username; uppercase bypasses the filter
    ...
PYSEC-2010-19
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform...