Filtered by vendor Owasp
Subscribe
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23899 | 1 Owasp | 1 Json-sanitizer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents. | |||||
| CVE-2020-13973 | 1 Owasp | 1 Json-sanitizer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript. | |||||
| CVE-2019-1020007 | 1 Owasp | 1 Dependency-track | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Dependency-Track before 3.5.1 allows XSS. | |||||
| CVE-2018-16384 | 1 Owasp | 1 Owasp Modsecurity Core Rule Set | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. | |||||
| CVE-2018-12036 | 1 Owasp | 1 Dependency-check | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | |||||
| CVE-2010-3300 | 1 Owasp | 1 Enterprise Security Api For Java | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | |||||
| CVE-2023-48171 | 1 Owasp | 1 Defectdojo | 2024-09-18 | N/A | 8.8 HIGH |
| An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | |||||