Lucene search
K

4 matches found

UbuntuCve
UbuntuCve
added 2026/05/07 3:16 p.m.9 views

CVE-2026-41650

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.8AI score0.00238EPSS
Exploits1References3
OSV
OSV
added 2026/05/07 1:36 p.m.2 views

CVE-2026-41650 fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "--" sequence in comment content or the "" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection...

6.1CVSS5.9AI score0.00238EPSS
Exploits1References4
Prion
Prion
added 2022/12/13 9:15 p.m.20 views

Cross site scripting

HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the...

5.8CVSS6AI score0.00438EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2022/05/13 1:9 a.m.4 views

EUVD-2013-6247

The davxmlgetcdata function in main/util.c in the moddav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service daemon crash via a crafted DAV WRITE request...

5CVSS7AI score0.26831EPSS
Exploits2References76
Rows per page
Query Builder