
10 matches found

EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2022-6830

Malicious code in bioql PyPI...

7.3 CVSS · 6.8 AI score · 0.00718 EPSS
Exploits: 1 · References: 6
Gitee
added 2025/09/21 12:23 a.m. · 174 views

anti-xss

This is a PHP library called AntiXSS, which is designed to prevent cross-site scripting (XSS) attacks. The library provides a set of functions to sanitize user input and protect against XSS vulnerabilities. The library is maintained by Lars Moelleken and is available on Packagist, a popular PHP...

5.6 AI score
Exploits: 0
Positive Technologies
added 2023/11/01 12:0 a.m. · 4 views

PT-2023-6693 · Bitrix +1 · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300. Description: A logic error in the mb_strpos function allows attackers to bypass XSS sanitization by placing HTML tags at the beginning of the payload, potentially leading to a cross-site scripting (XSS) attack. This...

9 CVSS · 5.3 AI score · 0.00594 EPSS
Exploits: 1 · References: 13
NVD
added 2022/09/26 5:15 a.m. · 22 views

CVE-2022-21169

The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization...

7.3 CVSS · 0.00718 EPSS
Exploits: 1 · References: 4
OSV
added 2022/09/26 5:15 a.m. · 14 views

CVE-2022-21169

The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization...

6.1 CVSS · 6.3 AI score
Exploits: 0 · References: 4
Prion
added 2022/09/26 5:15 a.m. · 13 views

Cross site scripting

The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization...

5.8 CVSS · 6.2 AI score · 0.00718 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2022/09/26 5:5 a.m. · 4 views

CVE-2022-21169 Prototype Pollution

The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization...

7.3 CVSS · 7.1 AI score · 0.00718 EPSS
Exploits: 1 · References: 4
Cvelist
added 2022/09/26 5:5 a.m. · 26 views

CVE-2022-21169 Prototype Pollution

The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization...

7.3 CVSS · 7.3 AI score · 0.00718 EPSS
Exploits: 1 · References: 4
OpenVAS
added 2021/06/04 12:0 a.m. · 14 views

WordPress GiveWP Plugin < 2.10.4 XSS Vulnerability

The WordPress plugin Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

4.8 CVSS · 5.3 AI score · 0.00664 EPSS
Exploits: 2 · References: 2
Github Security Blog
added 2020/09/03 3:53 p.m. · 28 views

Cross-Site Scripting in @toast-ui/editor

Versions of @toast-ui/editor prior to 2.2.0 are vulnerable to Cross-Site Scripting (XSS). There are multiple bypasses to the package's built-in XSS sanitization. This may allow attackers to execute arbitrary JavaScript on a victim's browser. Recommendation: Upgrade to version 2.2.0 or later...

5.2 AI score
Exploits: 0 · References: 5 · Affected Software: 1