Lucene search
K

88 matches found

Github Security Blog
Github Security Blog
added 2020/09/11 9:22 p.m.47 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to Cross-Site Scripting XSS. The package fails to encode output in GET requests. The request is meant to respond with Content-Type application/json which does not trigger the vulnerability but if the web server changes the header to text/html i...

3.8AI score
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2020/09/03 7:0 a.m.2 views

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

...

6.1CVSS7AI score0.03646EPSS
Exploits2
NVD
NVD
added 2020/03/16 3:15 p.m.25 views

CVE-2019-19210

Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files...

5.4CVSS5.2AI score0.00928EPSS
Exploits1References3
OSV
OSV
added 2020/03/16 3:15 p.m.4 views

UBUNTU-CVE-2019-19210

Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files...

5.4CVSS5.8AI score0.00928EPSS
Exploits1References5
Hacker One
Hacker One
added 2020/02/18 8:45 p.m.22 views

Mail.ru: Reflected XSS on am.ru and subdomains

Content-Type for JSON response was incorrectly set to text/html for am.ru, potentially leading to multiple XSS possibilities, including demonstrated reflected XSS vector via GET parameters...

3.7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2019/11/25 10:15 p.m.21 views

CVE-2019-17632

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content in text/html and text/json Content-Type does not escape Exception messages in stacktraces included in error output...

6.1CVSS6.8AI score0.01905EPSS
Exploits0References2
OSV
OSV
added 2019/06/19 6:15 p.m.4 views

CVE-2019-9763

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message The vendor subsequently patched this...

6.1CVSS5.8AI score0.01214EPSS
Exploits1References3
Fedora
Fedora
added 2018/11/27 3:13 a.m.41 views

[SECURITY] Fedora 27 Update: php-PHPMailer-5.2.27-1.fc27

Full Featured Email Transfer Class for PHP. PHPMailer features: Supports emails digitally signed with S/MIME encryption! Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs Works on any platform. Supports Text & HTML emails. Embedded image support. Multipart/alternative emails for mail...

8.8CVSS8.9AI score0.02211EPSS
Exploits0
Hacker One
Hacker One
added 2018/09/07 8:39 p.m.32 views

Ruby on Rails: ActiveStorage service's signed URLs can be hijacked via AppCache+Cookie stuffing trick when using GCS or DiskService

ActiveStorage tries to force content-disposition: attachment for a list of content-types, including text/html. However, response-content-type and response-content-disposition in GCS and DiskService's URLs aren't signed, which means an attacker can modify them at will. This is not the case for Azu...

4.3CVSS1.4AI score0.01311EPSS
Exploits1
RubySec
RubySec
added 2018/05/23 12:0 a.m.41 views

ruby-grape Gem has XSS via "format" parameter

When request on API contains the "format" parameter in GET, the input value of this parameter is rendered as the web-server responds with text/html header. Example: http://example.com/api/endpoint?format=%3Cscript%3Ealertdocument.cookie%3C/script%3E...

6.1CVSS1.5AI score0.01428EPSS
Exploits1References1Affected Software1
Kitploit
Kitploit
added 2017/09/20 2:0 p.m.28 views

dcrawl - Simple, But Smart, Multi-Threaded Web Crawler For Randomly Gathering Huge Lists Of Unique Domain Names

dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/05/08 6:45 a.m.7 views

Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...

6.1CVSS7AI score0.01546EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2017/04/21 12:49 a.m.10 views

Mozilla: Origin confusion when reloading isolated data:text/html URL (MFSA 2017-12)

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting XSS attack. This vulnerability affects Thunderbi...

6.1CVSS7AI score0.01546EPSS
Exploits1References5
OSV
OSV
added 2017/01/12 11:59 p.m.17 views

CVE-2016-5737

The Gerrit configuration in the Openstack Puppet module for Gerrit aka puppet-gerrit improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scripting XSS attacks via a crafted review...

6.1CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2016/12/20 10:59 p.m.51 views

UBUNTU-CVE-2016-5303

Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...

6.1CVSS6.5AI score0.01509EPSS
Exploits0References6
OSV
OSV
added 2016/12/20 10:59 p.m.31 views

DEBIAN-CVE-2016-5303

Cross-site scripting XSS vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form 1 action or 2 xlink attribute...

6.1CVSS6AI score0.01509EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2015/06/22 12:0 a.m.32 views

devel/ipython -- remote execution

Kyle Kelley reports: Summary: JSON error responses from the IPython notebook REST API contained URL parameters and were incorrectly reported as text/html instead of application/json. The error messages included some of these URL params, resulting in a cross site scripting attack. This affects use...

6.1CVSS6.6AI score0.01762EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2015/03/27 6:14 a.m.17 views

jcsmsy.jconline.cn XSS vulnerability

Open Bug Bounty ID: OBB-56765 Description| Value ---|--- Affected Website:| jcsmsy.jconline.cn Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.4AI score
Exploits0
Hacker One
Hacker One
added 2014/04/21 7:45 p.m.42 views

Cloudflare: Content spoofing /CSRF at https://www.cloudflare.com/ajax/modal-dialog.html

Hi there, I noticed two things on the following url: https://www.cloudflare.com/ajax/modal-dialog.html 1. CSRF There are some csrf countermeasures in place e.g. X-Requested-With: XMLHttpRequest, however they're not validated on the server. This leads to an uncritical csrf: 2. Content spoofing Usi...

6.7AI score
Exploits0
Atlassian
Atlassian
added 2013/01/02 4:17 a.m.25 views

Reflected xss in the jira-gadgets-plugin getLabelGroups rest resource

The jira-gadgets-plugin LabelsResource class exposes a getLabelGroups rest resource that is vulnerable to reflected xss through the user supplied 'project' path parameter. The vulnerability is caused by building an error response message with a content type of text/html and not html encoding the...

0.2AI score
Exploits0
Rows per page
Query Builder