GHSA-QH7X-J4V8-QW5W Clipboard-based XSS
Impact: XSS against the user. Details: jsuites is vulnerable to DOM-based XSS if the user can be tricked into copying anything from a malicious and pasting it into the HTML editor. This is because part of the clipboard content is written directly to innerHTML, causing XSS. References: The Curious...
Cross-site scripting in Bleach
Impact: A mutation XSS affects users calling bleach.clean with all of the following: svg or math in the allowed tags; p or br in the allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in the allowed tags; and the keyword argument strip_comments=False. Note: none of the above tags are in the default...
GHSA-8J9V-H2VP-2HHV XSS in HtmlSanitizer
Impact: If you have explicitly allowed the tag, an attacker could craft HTML that still includes script after passing through the sanitizer. The default settings disallow the tag, so there is no risk if you have not explicitly allowed it. Patches: The problem has been fixed in version 5.0.372...
Cross-site Scripting in October
Impact: Pasting content copied from malicious websites into the Froala rich editor could result in a successful self-XSS attack. Patches: The issue has been patched in Build 467 (v1.0.467). Workarounds: Apply https://github.com/octobercms/october/commit/b384954a29b89117e1c0d6035b3ede4f46df67c5 to your...
HP LaserJet Credential Disclosure / Missing Authentication
Some networked HP LaserJet printers have hidden URLs hardcoded in the firmware. The URLs are not authenticated and can be used to extract the admin password in plaintext, along with other information such as WiFi settings, including the WPS PIN. Models affected: HP LaserJet Pro P1102w, HP LaserJet Pro...
ASMAX AR 804 gu Web Management Console Arbitrary Shell Command Injection Vulnerability
The ASMAX 804 gu router is a SOHO-class device providing ADSL / WiFi / Ethernet interfaces. There is an unauthenticated maintenance script named 'script' in the /cgi-bin/ directory of the web management interface. When the 'system' parameter is passed to the script, it allows running OS shell...