Lucene search
+L

7 matches found

Veracode
Veracode
added 2026/05/09 5:41 a.m.8 views

Cross-site Scripting (XSS)

JupyterLab is vulnerable to Cross-site Scripting XSS. The vulnerability is due to insufficient validation of data-commandlinker- attributes in sanitized HTML output, which allows an attacker to craft a malicious notebook containing a deceptive button that executes arbitrary JupyterLab commands,...

9.6CVSS6.4AI score0.00386EPSS
Exploits0References8Affected Software2
Snyk
Snyk
added 2026/03/27 8:41 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting XSS when sanitized HTML is reinserted into a new parsing context using innerHTML and special wrappers such as script, xmp, iframe,...

6.1CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6278

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00217EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/13 12:0 a.m.7 views

CVE-2025-25625

A stored cross-site scripting vulnerability exists in FS model S3150-8T2F switches running firmware s3150-8t2f-switch-fsos-220d118101 and web firmware v2.2.2, which allows an authenticated web interface user to bypass input filtering on user names, and stores un-sanitized HTML and Javascript on t...

5.7AI score0.00217EPSS
Exploits0References1
Amazon
Amazon
added 2024/08/06 12:0 a.m.24 views

Medium: python-lxml

Issue Overview: An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...

6.1CVSS7AI score0.04002EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/02/15 3:43 a.m.5 views

SUSE CVE-2021-28957

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS7.8AI score0.04002EPSS
Exploits1References26
Tenable Nessus
Tenable Nessus
added 2021/09/27 12:0 a.m.27 views

EulerOS 2.0 SP9 : python-lxml (EulerOS-SA-2021-2563)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms argument...

6.1CVSS7.6AI score0.04002EPSS
Exploits1References2
Rows per page
Query Builder