20 matches found
Cross-site Scripting (XSS)
Overview: dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the createDOMPurify function, via comments embedded in XML textarea attributes containing scripts. Details: Cross-site scripting or XSS is a code...
GHSA-WWP2-X4RJ-J8RM NocoDB Vulnerable to Stored Cross-Site Scripting via Rich Text Cells
Summary: Rich text cell content rendered via v-html without sanitization, enabling stored XSS. Details: Rich text in TextArea.vue was parsed by markdown-it with html: true and injected via v-html without DOMPurify. A user with Editor role can inject arbitrary HTML that executes for all viewers...
CampCodes Supplier Management System SQL Injection Vulnerability
CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter txtAreaCode in the file /admin/addarea.php, which could...
Linux Distros Unpatched Vulnerability : CVE-2024-32464
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could...
CVE-2024-32464
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...
CVE-2023-26474
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...
Malicious code in @sporta-technology/d11-web-components.text-area (npm)
SUSE CVE-2024-32464
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...
Cross-site Scripting (XSS)
Overview: actiontext is a package to edit and display rich text in Rails applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) within the Trix editor via ActionText::Attachable::ContentAttachment in the richtextarea tag. An attacker can introduce malicious...
UBUNTU-CVE-2024-32464
Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2...
PT-2024-24592 · Unknown · Actiontext
Name of the Vulnerable Software and Affected Versions: ActionText versions 7.1.0 through 7.1.3.3; ActionText version 7.2.0.beta1. Description: The issue arises from instances of ActionText::Attachable::ContentAttachment included within a rich text area tag, which could potentially contain unsanitiz...
CVE-2023-26474
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...
CVE-2023-26474 XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds...
XWiki Platform Access Control Error Vulnerability
XWiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company XWiki. An access control error vulnerability exists in XWiki Platform that originates from the possibility of exploiting the privileges of existing document content authors to execute...
PT-2023-20665 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions 13.10 through 14.4.6; XWiki Platform versions 13.10 through 13.10.10; XWiki Platform versions 14.0 through 14.4.6. Description: The issue allows an attacker to use the rights of an existing document content author to...
FCMS 2.7.2 Cross Site Scripting
FCMS2.7.2 cms and earlier multiple stored XSS Vulnerability. Exploit Title: FCMS2.7.2 cms multiple stored XSS Vulnerability Download link...
Facebook Status Update With XFBML Injection
Last week Acizninja DeadcOde shared Tweaking Facebook Status with HTML button. Well, today he is going to share another kind of cool trick to tweak Facebook Status Update using XFBML Injection. With this tweak, we will do an injection on Facebook URL a...
CVE-2010-1546
Multiple eval injection vulnerabilities in the import functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with "administer page manager" privileges, to execute arbitrary PHP code via input to a text area, related to (1) the...
Opera Web Browser Multiple Vulnerabilities (Dec 2008) - Linux
Opera web browser is prone to multiple vulnerabilities.
Manipulating text input contents can allow execution of arbitrary code
Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code...