Lucene search

7 matches found

Positive Technologies
added 2026/06/01 12:00 a.m., 13 views

PT-2026-45264

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

CVSS 6.5, AI score 5.9, EPSS 0.00333
Exploits: 0, References: 2
Snyk
added 2026/05/28 4:50 p.m., 10 views

Cross-site Scripting (XSS)

Overview tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with nested SVG...

CVSS 8.7, AI score 5.9, EPSS 0.00191
Exploits: 0, References: 2
Snyk
added 2026/05/28 4:50 p.m., 10 views

Cross-site Scripting (XSS)

Overview tinymce/tinymce is a web-based JavaScript HTML WYSIWYG editor control. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of SVG namespace scope by the sanitizer. An attacker can execute arbitrary JavaScript by crafting a payload with neste...

CVSS 8.7, AI score 5.8, EPSS 0.00191
Exploits: 0, References: 2
Github Security Blog
added 2026/02/11 3:30 p.m., 11 views

Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 6.4, AI score 5.5, EPSS 0.00261
Exploits: 1, References: 7, Affected software: 1
OSV
added 2026/02/11 3:16 p.m., 5 views

CVE-2019-25317

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVSS 5.4, AI score 5.5
Exploits: 0, References: 4
NVD
added 2025/11/19 5:15 p.m., 6 views

CVE-2025-65019

Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter @astrojs/cloudflare with output: 'server', the image optimization endpoint /image contains a critical vulnerability in the isRemoteAllowed function that unconditionally allows data: protocol URLs. This enable...

CVSS 6.1, EPSS 0.00218
Exploits: 1, References: 2
CNNVD
added 2022/07/22 12:00 a.m., 2 views

convert-svg code injection vulnerability

convert-svg is an open source series of software for converting SVG files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.2, which stems from the fact that by sending SVG files containing payloads, convert-svg-core is vulnerable to remote...

CVSS 9.9, AI score 8.6, EPSS 0.09204
Exploits: 1, References: 5