20 matches found
Rails Cross-Site Scripting Vulnerability
Rails is an open-source web application framework based on the Ruby language, developed by the Rails team in the United States. Versions of Rails prior to 8.1.2.1, 8.0.4.1, and 7.2.3.1 contained a cross-site scripting vulnerability. This vulnerability occurred when empty strings were used as HTML...
GHSA-GVPP-6JRJ-5PQC Zend-Form vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting (XSS) attack...
Cross Site Scripting (XSS)
baserproject/basercms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper sanitation with the content management feature in View/Helper/BcAdminFormHelper.php, which allows an attacker to inject and execute arbitrary JavaScript in the browser...
SUSE CVE-2015-1295
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Summary There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. - Versions affected: ALL - Not affected: NONE - Fixed versions: 1.4.4 Impact A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject...
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Meta CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.1 Problem It has been discovered that the f:asset.css view helper is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Solution Update to TYPO3 version 10.4.32 or 11.5.16 that fix the probl...
TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-010...
TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper
More info at https://typo3.org/security/advisory/typo3-core-sa-2022-010...
PT-2022-23198 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 10.4.32 TYPO3 versions prior to 11.5.16 Description: The f:asset.css view helper in TYPO3 is vulnerable to cross-site scripting when user input is passed as variables to the CSS. Recommendations: Update to TYPO3 versio...
Design/Logic Flaw
Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XS...
TYPO3 vulnerable to Cross-Site Scripting in the textarea view helper
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension...
GHSA-JQ4P-MQ33-W375 Cross-site Scripting when rendering error messages in laminas-form
Impact When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in vulnerable versions of laminas-form, the value was not being escaped for HTML contexts, which can potentially lead to a...
Cross site scripting
laminas-form is a package for validating and displaying simple and complex forms. When rendering validation error messages via the formElementErrors view helper shipped with laminas-form, many messages will contain the submitted value. However, in laminas-form prior to version 3.1.1, the value wa...
GHSA-HPJM-3WW5-6CPF Cross-Site Scripting through Fluid view helper arguments
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 5.7 CWE-79 Problem Three XSS vulnerabilities have been detected in Fluid: 1. TagBasedViewHelper allowed XSS through maliciously crafted additionalAttributes arrays by creating keys with attribute-closing quotes followed by HTML...
Cross-Site Scripting through Fluid view helper arguments
Three XSS vulnerabilities have been detected in Fluid:...
TYPO3 Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) of the Swiss TYPO3 (Typo3) Association. TYPO3 suffers from a cross-site scripting vulnerability that originates from insufficient processing of user-supplied data in the system extension Fluid (typo3/cms-fluid) when...
Cross-Site Scripting through Fluid view helper arguments
More info at https://typo3.org/security/advisory/typo3-core-sa-2020-009...
Cross-Site Scripting (XSS)
haffner/jhcaptcha extension of Typo3 is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser using the TypoScript parameters in the ReCaptcha Validator and View Helper pages...
CVE-2012-4451
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7)...
UBUNTU-CVE-2012-4451
Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7)...