CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

34 matches found

EUVD•added 2026/04/13 9:30 p.m.•3 views

EUVD-2026-22089

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this...

5.3CVSS4.4AI score0.00036EPSS

Exploits0References5

CNNVD•added 2026/04/13 12:0 a.m.•3 views

ytDownloader 代码注入漏洞

ytDownloader is a multi-platform audio and video download tool developed by Andrew. Versions of ytDownloader 3.20.2 and earlier had a code injection vulnerability, which stemmed from a cross-site scripting attack involving the function createTextNode in the Error Details Panel component...

5.3CVSS5.7AI score0.00036EPSS

Exploits0References4

Amazon•added 2024/01/09 12:0 a.m.•3 views

Medium: ecs-init

Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: ecs-init Note: This advisory is applicable to Amazon Linux 2 - Ecs Extra. Visit this page to...

6.1CVSS6.3AI score0.00098EPSS

Exploits0

Amazon•added 2024/01/08 12:0 a.m.•2 views

Medium: ecs-init

Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: ecs-init Issue Correction: Run dnf update ecs-init --releasever 2023.3.20240108 or dnf update...

6.1CVSS8.6AI score0.00098EPSS

Exploits0

OSV•added 2023/08/02 8:15 p.m.•4 views

AZL-34582 CVE-2023-3978 affecting package cert-manager for versions less than 1.12.12-1

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...

6.1CVSS6.7AI score0.00098EPSS

Exploits0References1

OSV•added 2023/08/02 8:15 p.m.•3 views

AZL-44055 CVE-2023-3978 affecting package podman for versions less than 5.6.1-2

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack...

6.1CVSS6.7AI score0.00098EPSS

Exploits0References1

ATTACKERKB•added 2023/06/02 5:15 p.m.•1 views

CVE-2023-25737

An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

8.8CVSS5.9AI score0.00172EPSS

Exploits0References5

BDU FSTEC•added 2023/03/17 12:0 a.m.•0 views

The vulnerability in Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client occurs due to an improper reduction of data from nsTextNode to SVGElement. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerabilities of Mozilla Firefox, Mozilla Firefox ESR, and the email client Mozilla Thunderbird are related to an improper reduction of data from nsTextNode to SVGElement. Exploiting these vulnerabilities can allow attackers to compromise the confidentiality, integrity, and accessibility of...

7.6CVSS0.00172EPSS

Exploits0References12Affected Software8