CVEs (4)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
3Antisamy Project NetappOracle11Active Iq Unified Manager AntisamyBanking Enterprise Default Management+8 moreNov 21, 2024 Jul 19, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character. |
4Apache DebianNetapp+1 more60Access Manager Active Iq Unified ManagerAgile Engineering Data Management+57 moreNov 21, 2024 Apr 13, 2021 N/A· v4 4.8 MEDIUM· v3 5.8 MEDIUM· v2 In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files...Show more |
4Ckeditor DrupalFedoraproject+1 more11Agile Plm Application ExpressBanking Enterprise Default Management+8 moreNov 21, 2024 Mar 7, 2020 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected synt...Show more |
3Netapp OracleRedhat188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 moreJul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more |