88 matches found
Cross-Site Scripting in swagger-ui
Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html i...
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.
...
CVE-2019-19210
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files...
UBUNTU-CVE-2019-19210
Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files...
Mail.ru: Reflected XSS on am.ru and subdomains
Content-Type for JSON response was incorrectly set to text/html for am.ru, potentially leading to multiple XSS possibilities, including demonstrated reflected XSS vector via GET parameters...
CVE-2019-17632
In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output...
CVE-2019-9763
An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...
[SECURITY] Fedora 27 Update: php-PHPMailer-5.2.27-1.fc27
Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...
Ruby on Rails: ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService
ActiveStorage tries to force content-disposition: attachment for a list of content-types, including text/html. However, response-content-type and response-content-disposition in GCS and DiskService's URLs aren't signed, which means an attacker can modify them at will. This is not the case for Azu...
ruby-grape Gem has XSS via "format" parameter
When request on API contains the "format" parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header. Example: http://example.com/api/endpoint?format=%3Cscript%3Ealertdocument.cookie%3C/script%3E...
dcrawl - Simple, But Smart, Multi-Threaded Web Crawler For Randomly Gathering Huge Lists Of Unique Domain Names
dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...
Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...
Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...
CVE-2016-5737
The Gerrit configuration in the Openstack Puppet module for Gerrit aka puppet-gerrit improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting XSS attacks via a crafted review...
UBUNTU-CVE-2016-5303
Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...
DEBIAN-CVE-2016-5303
Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...
devel/ipython -- remote execution
Kyle Kelley reports: Summary: JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack. This affects use...
jcsmsy.jconline.cn XSS vulnerability
Open Bug Bounty ID: OBB-56765 Description| Value ---|--- Affected Website:| jcsmsy.jconline.cn Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
Cloudflare: Content spoofing /CSRF at https://www.cloudflare.com/ajax/modal-dialog.html
Hi there, I noticed two things on the following url: https://www.cloudflare.com/ajax/modal-dialog.html 1. CSRF There are some csrf countermeasures in place e.g. X-Requested-With: XMLHttpRequest, however they're not validated on the server. This leads to an uncritical csrf: 2. Content spoofing Usi...
Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource
The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...