Lucene search
+L

105 matches found

RedhatCVE
RedhatCVE
added 2023/03/01 6:30 p.m.45 views

CVE-2023-0507

A flaw was found in the GeoMap Grafana plugin, where a user can store unsanitized HTML in the GeoMap plugin under the Attribution text field, and the client will process it. The vulnerability makes it possible to use XHR to make arbitrary API calls on behalf of the attacked user. This means that ...

7.3CVSS5.6AI score0.1546EPSS
Exploits0References4
OSV
OSV
added 2018/11/07 5:29 a.m.11 views

CVE-2018-19047

mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a 'img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HT...

10CVSS9.3AI score
Exploits0References1
OSV
OSV
added 2018/06/11 9:29 p.m.4 views

DEBIAN-CVE-2016-9901

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...

9.8CVSS8.6AI score0.02916EPSS
Exploits0References1
exploitpack
exploitpack
added 2002/07/01 12:0 a.m.12 views

BlackBoard 5.0 - Cross-Site Scripting

BlackBoard 5.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2002/07/01 12:0 a.m.28 views

BlackBoard 5.0 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/5137/info Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit this condition via a malicious lin...

7.4AI score
Exploits0
Rows per page
Query Builder