36 matches found
GHSA-H8R8-WCCR-V5F2 DOMPurify is vulnerable to mutation-XSS via Re-Contextualization
Description: A mutation-XSS (mXSS) condition was confirmed when sanitized HTML is reinserted into a new parsing context using innerHTML and special wrappers. The vulnerable wrappers confirmed in browser behavior are script, xmp, iframe, noembed, noframes, and noscript. The payload remains seemingly...
EUVD-2018-0188
Malware in sbrugna...
EUVD-2022-7440
Malicious code in bioql PyPI...
CVE-2022-43968
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
CVE-2022-43694
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the image manipulation library due to un-sanitized output...
SUSE CVE-2018-16468
In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
Mozilla: Malicious command could be hidden in devtools output
The Mozilla Foundation Security Advisory describes this flaw as: When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within...
GHSA-VQ39-Q549-G786 Concrete CMS vulnerable to Cross-site Scripting via multilingual report
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
Concrete CMS vulnerable to Cross-site Scripting via multilingual report
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the multilingual report due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
GHSA-8782-XGH5-R7MV Concrete CMS vulnerable to Reflected Cross-Site Scripting via dashboard icons
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
Cross site scripting
Concrete CMS (formerly concrete5) below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS in the dashboard icons due to un-sanitized output. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...
PT-2022-27048 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions below 8.5.10; Concrete CMS versions 9.0.0 through 9.1.2. Description: The issue is related to Reflected XSS in the multilingual report due to un-sanitized output. Recommendations: For Concrete CMS versions below 8.5.10,...
CVE-2022-43968
Concrete CMS (concrete5) is affected by CVE-2022-43968. The vulnerability is a Reflected XSS in the dashboard icons caused by un-sanitized output. Affected versions are Concrete CMS below 8.5.10 and 9.0.0 up to 9.1.2. Remediation per provided sources is to upgrade to Concrete CMS 9.1.3 or higher,...
PT-2022-27049 · Unknown · Concrete Cms
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 8.5.10; Concrete CMS versions 9.0.0 through 9.1.2. Description: The issue is related to Reflected XSS in the dashboard icons due to un-sanitized output. Recommendations: For Concrete CMS versions prior to 8.5.10,...
CVE-2018-8048
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...
UBUNTU-CVE-2019-15587
In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished...
rubygem-loofah: XSS vulnerability due to unescaped comments within attributes by libxml2
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment...