12 matches found
Cross-site Scripting (XSS)
Overview: phpoffice/phpspreadsheet is a spreadsheet engine that reads, creates and writes spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the HTML generation process when a cell uses a custom number format containing the @ text placeholde...
[SECURITY] Fedora 44 Update: pspp-2.1.1-5.fc44
PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure...
Cross-site Scripting (XSS)
Overview: phppgadmin/phppgadmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies, and hosting services. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via unsanitized user input in $_REQUEST parameters being reflected in HTM...
EUVD-2020-6661
Malware in sbrugna...
CVE-2022-28598
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users...
PT-2022-19096 · Frappe · Frappe Erpnext
Name of the Vulnerable Software and Affected Versions: Frappe ERPNext version 12.29.0. Description: The issue arises from the software's failure to properly neutralize user-controllable input before it is placed in output that is used as a web page served to other users, leading to a potential XSS...
TYPO3 Information Disclosure Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) from the Swiss TYPO3 Association. TYPO3 suffers from an information disclosure vulnerability that stems from session identifiers not being properly present in the HTML output, which can be exploited by an attacker to cause...
CVE-2021-27658
exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users...
CVE-2020-14525
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users...
CVE-2020-0872
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'...
PT-2019-18165 · Philips · Philips Tasy Emr
Name of the Vulnerable Software and Affected Versions: Philips Tasy EMR versions 3.02.1744 and prior. Description: The software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Recommendations: For versions...
security flaw
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...