10 matches found
EUVD-2022-6830
Malicious code in bioql PyPI...
anti-xss
This is a PHP library called AntiXSS, which is designed to prevent cross-site scripting XSS attacks. The library provides a set of functions to sanitize user input and protect against XSS vulnerabilities. The library is maintained by Lars Moelleken and is available on Packagist, a popular PHP...
PT-2023-6693 · Bitrix +1 · Bitrix24 +1
Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300 Description: A logic error in the mb strpos function allows attackers to bypass XSS sanitization by placing HTML tags at the beginning of the payload, potentially leading to a cross-site scripting XSS attack. This...
CVE-2022-21169
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization...
CVE-2022-21169
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization...
Cross site scripting
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization...
CVE-2022-21169 Prototype Pollution
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization...
CVE-2022-21169 Prototype Pollution
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization...
WordPress GiveWP Plugin < 2.10.4 XSS Vulnerability
The WordPress plugin Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...
Cross-Site Scripting in @toast-ui/editor
Versions of @toast-ui/editor prior to 2.2.0 are vulnerable to Cross-Site Scripting XSS. There are multiple bypasses to the package's built-in XSS sanitization. This may allow attackers to execute arbitrary JavaScript on a victim's browser. Recommendation Upgrade to version 2.2.0 or later...