Lucene search
GoogleOSV:GHSA-3X58-XR87-2FCJHistoryMay 18, 2021 - 9:07 p.m.
Cross-site scripting in bluemonday
2021-05-1821:07:37
Google
osv.dev
10
0.001 Low
EPSS
Percentile
29.5%
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the “script” string.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/microcosm-cc/bluemonday | lt | 1.0.5 |
References
github.com/microcosm-cc/bluemonday/commit/524f142fe46e945b7dcd291d7805c4b7dcf75bee
github.com/microcosm-cc/bluemonday/issues/111
github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5
nvd.nist.gov/vuln/detail/CVE-2021-29272
pkg.go.dev/vuln/GO-2022-0762
vuln.ryotak.me/advisories/4
vuln.ryotak.me/advisories/4.txt
Related
cve
cve
CVE-2021-29272
2021-03-27 18:15:13
nvd
nvd
CVE-2021-29272
2021-03-27 18:15:13
prion
prion
Design/Logic Flaw
2021-03-27 18:15:00
redhatcve
redhatcve
CVE-2021-29272
2021-03-29 18:02:59
veracode
veracode
Cross-site Scripting (XSS)
2021-03-29 04:20:50
alpinelinux
alpinelinux
CVE-2021-29272
2021-03-27 18:15:13
github
github
Cross-site scripting in bluemonday
2021-05-18 21:07:37
ubuntucve
ubuntucve
CVE-2021-29272
2021-03-27 00:00:00
osv
osv
Cross-site scripting due to incorrect sanitization in github.com/microcosm-cc/bluemonday
2021-05-18 21:07:37
CVE-2021-29272
2021-03-27 18:15:13
cvelist
cvelist
CVE-2021-29272
2021-03-27 17:57:28