jomo

4 exploits Active since Jul 2015
CVE-2016-4567 WRITEUP MEDIUM WRITEUP
MediaElement.js < 2.21.0 - Cross-Site Scripting via FlashMediaElement.as jsinitfunction Parameter
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
CVSS 6.1
CVE-2015-5147 WRITEUP WRITEUP
Redcarpet < 3.3.2 - Stack-Based Buffer Overflow in HTML Renderer
Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
CVE-2020-26298 WRITEUP MEDIUM WRITEUP
Redcarpet < 3.5.1 - Cross-Site Scripting via Quote Processing
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
CVSS 6.8
CVE-2024-24756 WRITEUP HIGH WRITEUP
crafatar < 2.1.5 - Path Traversal via Public Directory Request
Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5.
CVSS 7.5