4 matches found
AWS SDK for .NET: Improper escaping of special characters in CloudFront policy document construction
This notification is related to the CloudFront signing utilities in the AWS SDK for .NET, which are used to generate Amazon CloudFront signed URLs and signed cookies. A defense-in-depth enhancement has been implemented to improve handling of special characters, such as double quotes and...
yt-dlp OS Command Injection Vulnerability
yt-dlp is based on the youtube-dl branch of the now inactive youtube-dlc. yt-dlp suffers from an operating system command injection vulnerability that stems from not properly escaping special characters...
Code injection
JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes ' in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users...
Cross-Site Scripting (XSS)
bootstrap-3-typeahead is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser due to improper special characters escaping...