Lucene search

2177 matches found

RedhatCVE
added 2025/05/23 5:2 a.m., 4 views

CVE-2023-45106

Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin = 2.8.33 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00092
Exploits: 0
RedhatCVE
added 2025/05/23 12:56 a.m., 6 views

CVE-2022-34316

IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452...

CVSS 5.3 | AI score 6 | EPSS 0.00359
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:52 p.m., 7 views

CVE-2022-47167

Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin = 2.8.4 versions...

CVSS 8.8 | AI score 7.1 | EPSS 0.00104
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:47 p.m., 8 views

CVE-2021-43265

In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element...

CVSS 5.4 | AI score 6.8 | EPSS 0.00302
Exploits: 1
RedhatCVE
added 2025/05/22 4:32 p.m., 3 views

CVE-2020-24391

mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769...

CVSS 9.8 | AI score 6.8 | EPSS 0.92863
Exploits: 1
RedhatCVE
added 2025/05/22 3:46 p.m., 6 views

CVE-2020-18748

Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execute arbitrary code via mathjax syntax due to a mathjax configuration error in the mathematical formula blocks. This is a different vulnerability from CVE-2020-18221...

CVSS 6.1 | AI score 6.6 | EPSS 0.00528
Exploits: 2
RedhatCVE
added 2025/05/22 1:3 p.m., 6 views

CVE-2018-11598

Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read during syntax parsing of certain for loops in jsparse.c...

CVSS 7.1 | AI score 6.8 | EPSS 0.0028
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 1:1 p.m., 12 views

CVE-2018-11591

Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.c...

CVSS 5.5 | AI score 6.7 | EPSS 0.00155
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 9:59 a.m., 8 views

CVE-2011-3723

Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by READMEFILES/livehelp.php and certain other files...

CVSS 5 | AI score 6.5 | EPSS 0.00283
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 9:12 a.m., 4 views

CVE-2018-20911

cPanel before 70.0.23 allows code execution because "." is in @INC during a Perl syntax check of cpaddonsup (SEC-359)...

CVSS 7.2 | AI score 7.5 | EPSS 0.01929
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 8:13 a.m., 22 views

CVE-2018-20944

cPanel before 68.0.27 allows attackers to read a copy of httpd.conf that is created during a syntax test (SEC-353)...

CVSS 3.3 | AI score 6.8 | EPSS 0.00043
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 2:43 a.m., 4 views

CVE-2018-11593

Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing because strncpy is misused in jslex.c...

CVSS 7.1 | AI score 6.7 | EPSS 0.0023
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 1:35 a.m., 3 views

CVE-2018-11592

Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validation is missing in libs/graphics/jswrapgraphics.c...

CVSS 5.5 | AI score 6.8 | EPSS 0.00155
Exploits: 1 | References: 1
RedHat Linux
added 2025/05/20 1:0 a.m., 4 views

gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS

A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially...

CVSS 5.3 | AI score 7.2 | EPSS 0.01227
Exploits: 0 | References: 6
Veracode
added 2025/05/16 3:22 a.m., 7 views

Information Disclosure

oxid-esales/oxideshop-ce is vulnerable to information disclosure. The vulnerability is due to improper error handling and also Smarty syntax errors in CMS pages that may allow an attacker to access user information...

CVSS 7.5 | AI score 6.6 | EPSS 0.00333
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/05/15 12:10 a.m., 9 views

CVE-2024-56526

An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error...

CVSS 7.5 | AI score 6.5 | EPSS 0.00333
Exploits: 0 | References: 1
Github Security Blog
added 2025/05/13 6:30 p.m., 6 views

OXID eShop May Display User Information

An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error...

CVSS 7.5 | AI score 6.5 | EPSS 0.00333
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2025/05/13 6:30 p.m., 4 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure due to the improper handling of Smarty syntax errors in CMS pages. An attacker can expose sensitive user information by inducing a Smarty syntax error in a CMS page. Note: The official vendor's hotfix for this issue...

CVSS 8.7 | AI score 5.9 | EPSS 0.00333
Exploits: 0 | References: 2
OSV
added 2025/05/13 6:30 p.m., 4 views

GHSA-QQCR-9JFC-35C4 OXID eShop May Display User Information

An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error...

CVSS 7.5 | AI score 6.4 | EPSS 0.00333
Exploits: 0 | References: 3
NVD
added 2025/05/13 4:15 p.m., 10 views

CVE-2024-56526

An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error...

CVSS 7.5 | EPSS 0.00333
Exploits: 0 | References: 1