2292 matches found
PT-2023-10131 · Unknown · Peel Filebroker
Name of the Vulnerable Software and Affected Versions: peel filebroker, affected versions not specified. Description: A critical vulnerability was found in peel filebroker, affecting the function select_transfer_status_desc of the file lib/common.rb. The issue leads to SQL injection. This...
EulerOS Virtualization 3.0.2.6 : mariadb (EulerOS-SA-2023-1071)
According to the versions of the mariadb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expressio...
MediaTek security vulnerability
MediaTek chips are a family of chipsets produced by MediaTek. A security vulnerability exists in MediaTek chips that originates from an out-of-bounds write in mdp due to incorrect error handling, which may result in local privilege escalation requiring system execution...
PT-2025-37651
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel where a NULL dereference may occur within the mac80211_hwsim_select_tx_link function. This happens when the sta pointer is NULL, leading to a potential...
Acronis TrueImage XPC Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Acronis TrueImage XPC Privilege Escalation', 'Description' = %q Acronis TrueImage versions 2019 update 1 through 2021 update 1 are vulnerable to...
DEBIAN-CVE-2022-46342
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X se...
DEBIAN-CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...
UBUNTU-CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...
CVE-2022-23520 rails-html-sanitizer contains an incomplete fix for an XSS vulnerability
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...
Cross-site Scripting (XSS)
rails-html-sanitizer is vulnerable to cross-site scripting. The vulnerability exists in the loofah_using_html5? and remove_safelist_tag_combinations functions in sanitizer.rb because it enables an attacker to inject content when the application developer has overridden the sanitizer's allowed tags to...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, which may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both select and style elements. This is due...
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This is due to an incomplete fix of CVE-2022-32209. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of...
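The rails-html-sanitizer entries above share one condition: a version below 1.4.4 together with a custom allowed-tag list that contains both "select" and "style". The following Ruby script is an added example, not code from rails-html-sanitizer or from any of the advisories, that audits a Rails project for that combination. The Gemfile.lock excerpt and the initializer text it scans are constructed sample inputs; the regexes, the choice to drop "style" when hardening, and all function names are assumptions made here for illustration.

```ruby
# Added example (not from the advisories or the rails-html-sanitizer project):
# audit a Rails app for the CVE-2022-23520 preconditions, namely
# rails-html-sanitizer < 1.4.4 plus an allowed-tag list containing both
# "select" and "style". Inputs below are constructed for this example.

FIXED_VERSION = Gem::Version.new("1.4.4")
RISKY_TAG_COMBO = %w[select style].freeze

# Constructed Gemfile.lock excerpt (squiggly heredoc keeps the 4-space
# indentation of the "specs:" entries that a real lockfile uses).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      loofah (2.19.0)
        crass (~> 1.0.2)
      rails-html-sanitizer (1.4.3)
        loofah (~> 2.19, >= 2.19.0)
LOCK

# Constructed initializer that overrides the safe list with the risky pair.
SAMPLE_INITIALIZER = <<~RUBY
  # config/initializers/sanitizer.rb (constructed sample)
  Rails::Html::SafeListSanitizer.allowed_tags = %w[a p br select option style]
RUBY

# Return the locked rails-html-sanitizer version as a Gem::Version, or nil.
# Only the 4-space "specs:" line is matched, so transitive dependency
# constraints (indented 6 spaces) are ignored.
def locked_sanitizer_version(lockfile_text)
  m = lockfile_text.match(/^\s{4}rails-html-sanitizer \(([^)]+)\)/)
  m && Gem::Version.new(m[1])
end

# Collect tag names from `allowed_tags = %w[...]`, `allowed_tags = [...]`
# or `tags: [...]` forms in a config or view snippet (assumed patterns).
def allowed_tags_in(source_text)
  tags = []
  pattern = /(?:allowed_tags\s*=|tags:)\s*(%w\[([^\]]*)\]|\[([^\]]*)\])/
  source_text.scan(pattern) do |_whole, words, quoted|
    tags.concat(words.split) if words
    tags.concat(quoted.scan(/["']([^"']+)["']/).flatten) if quoted
  end
  tags.map(&:downcase).uniq
end

# Return a list of finding strings; an empty list means nothing was flagged.
def audit(lockfile_text, source_text)
  findings = []
  version = locked_sanitizer_version(lockfile_text)
  tags = allowed_tags_in(source_text)

  if version.nil?
    findings << "rails-html-sanitizer not found in lockfile"
  elsif version < FIXED_VERSION
    findings << "rails-html-sanitizer #{version} is below #{FIXED_VERSION}"
  end
  if (RISKY_TAG_COMBO - tags).empty?
    findings << "allowed tags include both select and style: #{tags.inspect}"
  end
  findings
end

# Break the risky combination by dropping "style" (a choice made for this
# example; removing "select" instead would also break the pair).
def harden_tags(tags)
  return tags unless (RISKY_TAG_COMBO - tags).empty?
  tags - ["style"]
end

if __FILE__ == $PROGRAM_NAME
  audit(SAMPLE_LOCKFILE, SAMPLE_INITIALIZER).each { |f| puts "FINDING: #{f}" }
  puts "hardened tags: #{harden_tags(allowed_tags_in(SAMPLE_INITIALIZER)).inspect}"
end
```

Upgrading the gem to 1.4.4 clears the version finding; the tag finding only disappears once the safe list no longer carries both elements, which is what harden_tags enforces.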
CVE-2022-0698
Microweber version 1.3.1 allows an unauthenticated user to perform an account takeover via an XSS on the 'select-file' parameter...
Microweber cross-site scripting vulnerability
Microweber is an online store management system with drag-and-drop functionality, developed by the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber version 1.3.1, which allows an...
PT-2022-13369 · Unknown · Microweber
Name of the Vulnerable Software and Affected Versions: Microweber version 1.3.1. Description: The issue allows an unauthenticated user to perform an account takeover via a Cross-Site Scripting (XSS) attack on the select-file parameter. There is a patch available in the development branch, but it has...
owasp-java-html-sanitizer: improper policies enforcement may lead to remote code execution
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...