cdata vulnerabilities and exploits
7.5
CVSSv3
CVE-2023-24243
CData RSB Connect v22.0.8336 contains a Server-Side Request Forgery (SSRF) vulnerability.
Cdata Arc
7.5
CVSSv3
CVE-2019-12041
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.
Remarkable Project Remarkable 1.7.1
9.8
CVSSv3
CVE-2021-23899
OWASP json-sanitizer prior to 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows a malicious user to inject arbitrary HTML or XML into embedding documents.
Owasp Json-sanitizer
1 Github repository
NA
CVE-2009-5065
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) prior to 5.0 allows remote malicious users to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.
Mark Pilgrim Feedparser 4.0.1
Mark Pilgrim Feedparser 3.3
Mark Pilgrim Feedparser 3.2
Mark Pilgrim Feedparser 3.1
Mark Pilgrim Feedparser 4.0
Mark Pilgrim Feedparser 4.0.2
Mark Pilgrim Feedparser
Mark Pilgrim Feedparser 3.0.1
Mark Pilgrim Feedparser 3.0
1 EDB exploit
NA
CVE-2024-31849
A path traversal vulnerability exists in the Java version of CData Connect < 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote malicious user to gain complete administrative access to the application.
NA
CVE-2024-31848
A path traversal vulnerability exists in the Java version of CData API Server < 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote malicious user to gain complete administrative access to the application.
6.1
CVSSv3
CVE-2024-24815
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 before 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or ena...
Ckeditor Ckeditor
NA
CVE-2024-31850
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote malicious user to gain access to sensitive information and perform limited actions.
NA
CVE-2024-31851
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote malicious user to gain access to sensitive information and perform limited actions.
6.1
CVSSv3
CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer