WS-2016-0041

Good to know:

Date: March 11, 2016

In rendr-handlebars there are double-escaped data attributes in the client-side view placeholder that cause a potential XSS attack.

Language: Java

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version


CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE
