10 matches found
EUVD-2021-1568
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-26870
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a...
GHSA-3244-8MFF-W398 Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...
Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...
GHSA-5325-XW5M-PHM3 Cross-site Scripting in ammonia
An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...
Cross-site Scripting in ammonia
An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...
CVE-2021-38193
An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...
Design/Logic Flaw
An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...
[SECURITY] [DLA 2419-1] dompurify.js security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2419-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz October 29, 2020 https://wiki.debian.org/LTS -...
Design/Logic Flaw
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...