Description
apache-commons-beanutils: does not suppress the class property in PropertyUtilsBean by default.
libquartz: XXE attacks via job description.
novnc: XSS vulnerability via the messages propagated to the status field.
bootstrap: XSS in the tooltip or popover data-template attribute.
nimbus-jose-jwt: Uncaught exceptions while parsing a JWT.
ovirt-engine: response_type parameter allows reflected XSS.
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload.
ovirt-engine: Redirect to arbitrary URL allows for phishing.
Cross-site scripting due to an improper jQuery.htmlPrefilter method.
jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution.