Количество 2
Количество 2
CVE-2024-42515
Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a word that has a corresponding glossary entry.
GHSA-hhhv-ggjx-q9j2
Glossarizer Cross-site Scripting vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-42515 Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a word that has a corresponding glossary entry. | CVSS3: 9.9 | 0% Низкий | больше 1 года назад |
| GHSA-hhhv-ggjx-q9j2 Glossarizer Cross-site Scripting vulnerability | CVSS3: 6.1 | 0% Низкий | больше 1 года назад |
Уязвимостей на страницу