9 matches found
MediaWiki - Cargo Extension 安全漏洞
MediaWiki - Cargo Extension is an open-source plugin for querying and storing data in MediaWiki. Versions of MediaWiki - Cargo Extension prior to 3.8.7 contained security vulnerabilities, which were caused by improper handling of script-related HTML tags. These vulnerabilities could lead to...
PT-2026-4239
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in mwtemplates DeepDigital deepdigital allows Code Injection.This issue affects DeepDigital: from n/a through = 1.0.2...
PT-2025-50068
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in sevenspark Contact Form 7 Dynamic Text Extension contact-form-7-dynamic-text-extension allows Code Injection.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through = 5.0.3...
[SECURITY] Fedora 43 Update: python-ezdxf-1.4.3-3.fc43
This Python package is designed to facilitate the creation and manipulation of DXF documents, with compatibility across various DXF versions. It empowers users to seamlessly load and edit DXF files while preserving all content, except for comments. Any unfamiliar DXF tags encountered in the...
EUVD-2008-4114
Malware in sbrugna...
CVE-2020-11499
Firmware Analysis and Comparison Tool FACT 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongotaskconversion.py...
lxml_html_clean 安全漏洞
lxmlhtmlclean is a separate project of the Fedora Python SIG open source HTML cleanup function copied from lxml.HTML.clean. A security vulnerability exists in versions of lxmlhtmlclean prior to 0.4.0, which stems from improper handling of special tags and is vulnerable to cross-site scripting...
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...
Advanced Guestbook 2.4.4 - (Smilies) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4.4 Advanced...