Lucene search
K

221 matches found

Veracode
Veracode
added 2019/01/15 8:52 a.m.39 views

Cross-site Scripting (XSS)

Python SimpleHTTPServer is vulnerable to cross-site scripting XSS. The listdirectory function in Lib/SimpleHTTPServer.py does not set a charset parameter in the Content-Type HTTP header, allowing an attacker to inject arbitrary Javascript through UTF-7 encoding into Internet Explorer 7 browser vi...

2.6CVSS5.5AI score0.03213EPSS
Exploits1References19Affected Software1
Exploit DB
Exploit DB
added 2018/11/30 12:0 a.m.66 views

PhpSpreadsheet < 1.5.0 - XML External Entity (XXE)

Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One vulnerability was identified within the PhpSpreadsheet...

8.8CVSS8.7AI score0.07791EPSS
Exploits4
Friends Of PHP
Friends Of PHP
added 2018/11/22 11:7 p.m.64 views

XXE Vulnerability

This is: - X a bug report - a feature request - not a usage question ask them on https://stackoverflow.com/questions/tagged/phpspreadsheet or https://gitter.im/PHPOffice/PhpSpreadsheet What is the expected behavior? The securityScan function is used to prevent XXE attacks. What is the current...

8.8CVSS8.5AI score0.07791EPSS
Exploits4Affected Software1
OSV
OSV
added 2018/11/14 11:29 a.m.22 views

CVE-2018-19277

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.8CVSS6.7AI score
Exploits0References4
NVD
NVD
added 2018/11/14 11:29 a.m.10 views

CVE-2018-19277

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.8CVSS8.7AI score0.07791EPSS
Exploits4References4
Prion
Prion
added 2018/11/14 11:29 a.m.19 views

Design/Logic Flaw

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

6.8CVSS8.6AI score0.07791EPSS
Exploits4References4Affected Software1
Cvelist
Cvelist
added 2018/11/14 11:0 a.m.43 views

CVE-2018-19277

securityScan in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

8.7AI score0.07791EPSS
Exploits4References4
CVE
CVE
added 2018/11/14 11:0 a.m.1103 views

CVE-2018-19277

CVE-2018-19277 affects PhpSpreadsheet (PHPOffice) up to version 1.5.0. The flaw: the library’s XML handling in Xlsx files can bypass protection via UTF-7 encoding, enabling an XML External Entity (XXE) attack. Root cause per sources: XmlScanner/Xml parsing when declared encoding differs from UTF-...

8.8CVSS8.5AI score0.07791EPSS
Exploits4References4Affected Software1
UbuntuCve
UbuntuCve
added 2014/11/24 11:59 a.m.36 views

CVE-2014-9059

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting XSS attacks via UTF-7 characters during interaction with AJAX scripts...

4.3CVSS5.9AI score0.01832EPSS
Exploits0References2
Prion
Prion
added 2014/11/24 11:59 a.m.16 views

Cross site scripting

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting XSS attacks via UTF-7 characters during interaction with AJAX scripts...

4.3CVSS6AI score0.01832EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/11/24 11:0 a.m.22 views

CVE-2014-9059

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting XSS attacks via UTF-7 characters during interaction with AJAX scripts...

5.6AI score0.01832EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.45 views

McAfee Superscan 4.0 - XSS Vulnerability

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-024: Cross Site Scripting XSS vulnerability in McAfee Superscan 4.0 Published: 08/02/2013 Version: 1.0 Vendor: McAfee http://www.mcafee.com/ Product: SuperScan Version affected: v4.0 Product description: SuperScan ...

4.3CVSS6.6AI score0.0427EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.9 views

Microsoft Internet Explorer 2.0 - UTF-7 HTTP Response Handling Weakness

No description provided by source. source: http://www.securityfocus.com/bid/29112/info Microsoft Internet Explorer is prone to a weakness that can facilitate cross-site scripting attacks. The issue occurs because the application fails to sufficiently sanitize user-supplied input when handling UTF...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

MediaWiki 1.x AJAX Index.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21956/info MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2014/01/21 6:0 p.m.36 views

CVE-2013-4884

Cross-site scripting XSS vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report...

5.6AI score0.0427EPSS
Exploits5References6
NVD
NVD
added 2013/11/18 2:55 a.m.17 views

CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...

4.3CVSS6.9AI score0.02502EPSS
Exploits0References11
OSV
OSV
added 2013/11/18 2:55 a.m.7 views

CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...

6.9AI score
Exploits0References11
UbuntuCve
UbuntuCve
added 2013/11/18 2:55 a.m.24 views

CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...

4.3CVSS5.8AI score0.02502EPSS
Exploits0References2
Prion
Prion
added 2013/11/18 2:55 a.m.17 views

Cross site scripting

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...

4.3CVSS5.9AI score0.02502EPSS
Exploits0References11Affected Software1
Cvelist
Cvelist
added 2013/11/15 6:16 p.m.25 views

CVE-2013-2031

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting XSS attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox...

6.9AI score0.02502EPSS
Exploits0References11
Rows per page
Query Builder