Lucene search
80 matches found

Cvelist
added 2023/02/09 12:00 a.m., 12 views

CVE-2023-0624

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html...

AI score 6.4, EPSS 0.00486
Exploits 1, References 2
CNNVD
added 2022/12/13 12:00 a.m., 2 views

csaf_distribution cross-site scripting vulnerability

csaf_distribution is an open-source set of CSAF tools from csaf-poc. csaf_provider in csaf_distribution versions before 0.8.2 has a security vulnerability: it allows an attacker to achieve cross-site scripting through a crafted CSAF document uploaded as text/html...

CVSS 5.4, AI score 5.4, EPSS 0.00454
Exploits 0, References 2
Cvelist
added 2022/12/13 12:00 a.m., 19 views

CVE-2022-43996

The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The upload endpoint allows valid CSAF advisories in JSON format to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via a web browser, these advisories a...

AI score 5.5, EPSS 0.00454
Exploits 0, References 1
OSV
added 2022/08/08 6:30 a.m., 6 views

USN-5182-1: roundcube vulnerabilities

It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM...

CVSS 9.8, AI score 7.3, EPSS 0.84456
Exploits 7, References 13
Github Security Blog
added 2022/05/14 3:45 a.m., 18 views

Cross-Site Request Forgery (CSRF) vulnerability in Jenkins global-build-stats plugin

Some URLs provided by the Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content-Type text/html, so they could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting...

CVSS 6.1, AI score 6.3, EPSS 0.00861
Exploits 0, References 3, Affected software 1
OSV
added 2022/05/13 1:09 a.m., 29 views

GHSA-5WQF-H3R3-GXVH Uncontrolled Resource Consumption in Apache CXF

Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote attackers to cause a denial of service (memory consumption) via a large request with the Content-Type set to text/html to a SOAP endpoint, which triggers an error...

CVSS 4.3, AI score 8.7, EPSS 0.03644
Exploits 0, References 14
Github Security Blog
added 2022/04/05 6:30 p.m., 25 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus

Impact: Unauthorized JavaScript can be executed by inserting an iframe into the rich-text HTML interface that links to an uploaded HTML file, which in turn loads another uploaded JS file in its script tag. This satisfies the regular Content-Security-Policy header, which in turn allows the file to run an...

CVSS 8.8, AI score 0.1, EPSS 0.01018
Exploits 0, References 5, Affected software 1
CNNVD
added 2021/12/21 12:00 a.m., 5 views

PrestaShop cross-site scripting vulnerability

PrestaShop is an open-source e-commerce solution. It provides multiple payment methods, SMS alerts and product image scaling. A security vulnerability exists in PrestaShop before 1.5.2 that allows XSS via the...

CVSS 6.1, AI score 6.2, EPSS 0.00796
Exploits 0, References 2
Hacker One
added 2021/06/22 6:28 p.m., 23 views

Nextcloud: ApiService#fetch serves content as text/html and inline Content-Disposition

https://github.com/nextcloud/text/blame/0bc7c3300607d57ee512dbf61497daec23961a12/lib/Service/ApiService.php#L109-L120 Impact: XSS...

CVSS 4.3, AI score 1.1, EPSS 0.01106
Exploits 0
Positive Technologies
added 2021/02/09 12:00 a.m., 5 views

PT-2021-17175 · Discord · Probot

Name of the vulnerable software and affected versions: ProBot bot through 2021-02-08 for Discord. Description: The issue allows attackers to interfere with the intended purpose of the "Send an image when a user joins the server" feature, or possibly have unspecified other impact, because the...

CVSS 9.8, AI score 7.9, EPSS 0.02585
Exploits 2, References 6
BDU FSTEC
added 2021/01/13 12:00 a.m., 2 views

The vulnerability in the Firefox and Firefox ESR browsers and the Thunderbird email client is related to missing protections for web page structure, allowing attackers to carry out cross-site scripting attacks.

The vulnerabilities in the Firefox and Firefox ESR browsers and the Thunderbird email client are related to insufficient security measures when handling web page structure. Exploiting these vulnerabilities allows a remote attacker to perform cross-site scripting attacks by redirecting users to the...

CVSS 6.1, AI score 7, EPSS 0.01559
Exploits 1, References 15, Affected software 9
IBM Security Bulletins
added 2020/12/17 10:37 a.m., 11 views

Security Bulletin: IBM Cloud Functions web actions API endpoint change

Summary: In order to improve the stability of the service and to prevent potential weaknesses in the service's web actions functionality, we introduced a new IBM Cloud Functions API endpoint, .functions.appdomain.cloud, for web actions that use text/html response data. The previously used API endpoi...

AI score 1.5
Exploits 0, Affected software 1
Github Security Blog
added 2020/09/11 9:22 p.m., 45 views

Cross-Site Scripting in swagger-ui

Versions of swagger-ui prior to 2.2.1 are vulnerable to cross-site scripting (XSS). The package fails to encode output in GET requests. The request is meant to respond with Content-Type application/json, which does not trigger the vulnerability, but if the web server changes the header to text/html i...

AI score 3.8
Exploits 0, References 3, Affected software 1
Microsoft CVE
added 2020/09/03 7:00 a.m., 1 view

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header.

CVSS 6.1, AI score 7, EPSS 0.03646
Exploits 2
NVD
added 2020/03/16 3:15 p.m., 24 views

CVE-2019-19210

Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files...

CVSS 5.4, AI score 5.2, EPSS 0.00928
Exploits 1, References 3
OSV
added 2020/03/16 3:15 p.m., 1 view

UBUNTU-CVE-2019-19210

Dolibarr ERP/CRM before 10.0.3 allows XSS because uploaded HTML documents are served as text/html despite being renamed to .noexe files...

CVSS 5.4, AI score 5.8, EPSS 0.00928
Exploits 1, References 5
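The csaf_provider, Nextcloud, directus and Dolibarr entries above share one mechanism: a user-uploaded file is later served back inline on the application's own origin with a type the browser will render as HTML, so any script inside it runs with the application's cookies. The Go program below is an added example written for this page, not code from any of those projects. It shows why renaming the file (Dolibarr's .noexe) does not help when the server falls back to content sniffing, and what a download endpoint has to set instead. The handler names, the file name report.noexe and its HTML payload are constructed for the example.

```go
package main

import (
	"fmt"
	"mime"
	"net/http"
	"net/http/httptest"
	"path/filepath"
)

// Constructed sample upload for this example: an HTML payload stored under a
// renamed extension, mirroring the Dolibarr entries (and, with a .html name,
// the csaf_provider and Nextcloud ones). Not a real file from any project.
var (
	storedName  = "report.noexe"
	storedBytes = []byte("<html><script>alert(document.domain)</script></html>")
)

// serveNaive types the file by extension and sniffs the bytes when the extension
// is unknown, as generic static-file code does. The rename buys nothing: the
// sniffer recognises the HTML and a browser runs the script on this origin.
func serveNaive(w http.ResponseWriter, r *http.Request) {
	ct := mime.TypeByExtension(filepath.Ext(storedName)) // "" for .noexe
	if ct == "" {
		ct = http.DetectContentType(storedBytes) // "text/html; charset=utf-8"
	}
	w.Header().Set("Content-Type", ct)
	w.Write(storedBytes)
}

// serveHardened never lets an upload render as a document on this origin: an
// opaque media type, a forced download, nosniff so the type is not second-guessed,
// and a sandbox CSP so that even an inline rendering gets an opaque origin and
// no script execution.
func serveHardened(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "application/octet-stream")
	w.Header().Set("Content-Disposition",
		mime.FormatMediaType("attachment", map[string]string{"filename": storedName}))
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.Header().Set("Content-Security-Policy", "sandbox")
	w.Write(storedBytes)
}

// probeUpload fetches the stored file through a handler and returns the parsed
// media type and the disposition type of the response.
func probeUpload(h http.HandlerFunc) (mediaType, disposition string) {
	rec := httptest.NewRecorder()
	h(rec, httptest.NewRequest(http.MethodGet, "/uploads/"+storedName, nil))
	mediaType, _, _ = mime.ParseMediaType(rec.Header().Get("Content-Type"))
	disposition, _, _ = mime.ParseMediaType(rec.Header().Get("Content-Disposition"))
	return mediaType, disposition
}

// rendersAsHTML is the reviewer's check for a download endpoint: a text/html body
// that is not forced to download is parsed, and its script executed, by a
// browser that navigates to it.
func rendersAsHTML(mediaType, disposition string) bool {
	return mediaType == "text/html" && disposition != "attachment"
}

func main() {
	for name, h := range map[string]http.HandlerFunc{"naive": serveNaive, "hardened": serveHardened} {
		mt, disp := probeUpload(h)
		fmt.Printf("%-8s type=%q disposition=%q rendersAsHTML=%v\n", name, mt, disp, rendersAsHTML(mt, disp))
	}
}
```

If uploads must be viewable in the browser (the directus rich-text case), the usual answer is to serve them from a separate origin that holds no session, not to trust extension checks; the attachment and nosniff headers above are the minimum for files served from the application's own host.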
Hacker One
added 2020/02/18 8:45 p.m., 19 views

Mail.ru: Reflected XSS on am.ru and subdomains

The Content-Type for a JSON response was incorrectly set to text/html on am.ru, potentially leading to multiple XSS possibilities, including a demonstrated reflected XSS vector via GET parameters...

AI score 3.7
Exploits 0
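The Jenkins global-build-stats, swagger-ui, Go CGI/FCGI and am.ru entries above are the same bug in four places: the body is JSON, but the Content-Type says text/html (or is left for a wrapper to default), so a reflected request parameter is parsed as markup. The Go program below is an added example for this page, not code from any of those projects; the echo handler and the q parameter are made up. It reproduces the bug with net/http/httptest and puts the hardened handler next to it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// echoHTML reflects a query parameter inside a JSON-shaped body but labels the
// response text/html. Hypothetical handler written for this example.
func echoHTML(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query().Get("q")
	w.Header().Set("Content-Type", "text/html")
	// String formatting, no encoding: a browser parses this body as a document.
	fmt.Fprintf(w, `{"query":"%s"}`, q)
}

// echoJSON is the hardened form: a real JSON encoder (encoding/json escapes
// <, > and & as \u003c, \u003e, \u0026 by default), the correct media type, and
// nosniff so a browser never reinterprets the body as HTML.
func echoJSON(w http.ResponseWriter, r *http.Request) {
	q := r.URL.Query().Get("q")
	w.Header().Set("Content-Type", "application/json; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	_ = json.NewEncoder(w).Encode(map[string]string{"query": q})
}

// probe drives a handler with the classic reflected-XSS probe, URL-encoded
// <script>alert(1)</script>, and returns the Content-Type and body it produced.
func probe(h http.HandlerFunc) (contentType, body string) {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/?q=%3Cscript%3Ealert(1)%3C/script%3E", nil)
	h(rec, req)
	return rec.Header().Get("Content-Type"), rec.Body.String()
}

// renderable reports whether a browser navigating to the response parses it as
// HTML: only a text/html media type does; with nosniff nothing else is promoted.
func renderable(contentType string) bool {
	return strings.HasPrefix(contentType, "text/html")
}

func main() {
	for name, h := range map[string]http.HandlerFunc{"echoHTML": echoHTML, "echoJSON": echoJSON} {
		ct, body := probe(h)
		fmt.Printf("%-8s Content-Type=%q renderable=%v body=%q\n", name, ct, renderable(ct), body)
	}
}
```

The two defences are independent on purpose: the media type plus nosniff stops the browser from treating the body as HTML, and the encoder's escaping keeps the body harmless even if a proxy or CGI wrapper rewrites the header, which is exactly the swagger-ui and Go CGI/FCGI scenario.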
UbuntuCve
added 2019/11/25 10:15 p.m., 18 views

CVE-2019-17632

In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of the default unhandled-error response content (text/html and text/json Content-Type) does not escape exception messages in the stack traces included in the error output...

CVSS 6.1, AI score 6.8, EPSS 0.01905
Exploits 0, References 2
OSV
added 2019/06/19 6:15 p.m., 2 views

CVE-2019-9763

An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an 'object data="data:text/html' substring in an e-mail message. The vendor subsequently patched this...

CVSS 6.1, AI score 5.8, EPSS 0.01214
Exploits 1, References 3
Fedora
added 2018/11/27 3:13 a.m., 36 views

[SECURITY] Fedora 27 Update: php-PHPMailer-5.2.27-1.fc27

Full-featured email transfer class for PHP. PHPMailer features: supports emails digitally signed with S/MIME; supports emails with multiple To, CC, BCC and Reply-To recipients; works on any platform; supports text and HTML emails; embedded image support; multipart/alternative emails for mail...

CVSS 8.8, AI score 8.9, EPSS 0.02211
Exploits 0