Lucene search
+L

114 matches found

OSV
OSV
added 2022/12/14 1:23 p.m.34 views

CVE-2022-23515 Improper neutralization of data URIs may allow XSS in Loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0, 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1...

6.1CVSS6.1AI score0.00792EPSS
Exploits0References7
OSV
OSV
added 2022/12/13 5:45 p.m.30 views

GHSA-MCVF-2Q2M-X72M Improper neutralization of data URIs may allow XSS in rails-html-sanitizer

Summary rails-html-sanitizer = 1.0.3, = 2.1.0. Mitigation Upgrade to rails-html-sanitizer = 1.4.4. Severity The maintainers have evaluated this as Medium Severity 6.1. References - CWE - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' 4.9 - SVG MIME Type...

6.1CVSS6AI score0.00867EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/12/13 5:45 p.m.40 views

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer

Summary rails-html-sanitizer = 1.0.3, = 2.1.0. Mitigation Upgrade to rails-html-sanitizer = 1.4.4. Severity The maintainers have evaluated this as Medium Severity 6.1. References - CWE - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' 4.9 - SVG MIME Type...

6.1CVSS6AI score0.00867EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2022/12/13 5:39 p.m.35 views

GHSA-228G-948R-83GX Improper neutralization of data URIs may allow XSS in Loofah

Summary Loofah = 2.1.0, = 2.19.1. Severity The Loofah maintainers have evaluated this as Medium Severity 6.1. References - CWE - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' 4.9 - SVG MIME Type image/svg+xml is misleading to developers · Issue 266 ·...

6.1CVSS6.2AI score0.00792EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/12/13 5:39 p.m.28 views

Improper neutralization of data URIs may allow XSS in Loofah

Summary Loofah = 2.1.0, = 2.19.1. Severity The Loofah maintainers have evaluated this as Medium Severity 6.1. References - CWE - CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' 4.9 - SVG MIME Type image/svg+xml is misleading to developers · Issue 266 ·...

6.1CVSS1.4AI score0.00792EPSS
Exploits0References10Affected Software1
RubySec
RubySec
added 2022/12/13 12:0 a.m.20 views

Improper neutralization of data URIs may allow XSS in rails-html-sanitizer

Summary rails-html-sanitizer = 1.0.3, = 2.1.0. Mitigation Upgrade to rails-html-sanitizer = 1.4.4...

6.1CVSS2.7AI score0.00867EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/15 12:0 a.m.14 views

NewStart CGSL MAIN 6.02 : python-lxml Vulnerability (NS-SA-2022-0101)

The remote NewStart CGSL host, running version MAIN 6.02, has python-lxml packages installed that are affected by a vulnerability: - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass...

8.2CVSS7.2AI score0.02456EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2022/05/12 12:0 a.m.12 views

AlmaLinux 8 : python-lxml (ALSA-2022:1932)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:1932 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content...

8.2CVSS7.2AI score0.02456EPSS
Exploits0References2
Veracode
Veracode
added 2021/12/14 2:31 a.m.42 views

Cross-site Scripting (XSS)

lxml is vulnerable to Cross-site Scripting XSS. An attacker can inject and execute crafted and SVG embedded scripts through the data URIs in clean.py...

8.2CVSS7.4AI score0.02456EPSS
Exploits0References18Affected Software4
OSV
OSV
added 2021/12/13 6:15 p.m.8 views

AZL-7025 CVE-2021-43818 affecting package python-lxml for versions less than 4.8.0-1

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

7.1CVSS6.5AI score0.02456EPSS
Exploits0References1
PyPA
PyPA
added 2021/12/13 6:15 p.m.8 views

PYSEC-2021-852

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

8.2CVSS5.7AI score0.02456EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2021/12/13 6:15 p.m.40 views

Hardcoded credentials

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

6.8CVSS6.7AI score0.02456EPSS
Exploits0References14Affected Software8
Github Security Blog
Github Security Blog
added 2021/12/13 6:14 p.m.83 views

lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through

Impact The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5. Patches The issue has been resolved in lxml 4.6.5...

8.2CVSS7.5AI score0.02456EPSS
Exploits0References17Affected Software1
Debian CVE
Debian CVE
added 2021/12/13 6:5 p.m.39 views

CVE-2021-43818

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

8.2CVSS6.5AI score0.02456EPSS
Exploits0
Cvelist
Cvelist
added 2021/12/13 6:5 p.m.25 views

CVE-2021-43818 HTML Cleaner allows crafted and SVG embedded scripts to pass through

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

8.2CVSS7.7AI score0.02456EPSS
Exploits0References14
AlpineLinux
AlpineLinux
added 2021/12/13 6:5 p.m.76 views

CVE-2021-43818

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

8.2CVSS7.8AI score0.02456EPSS
Exploits0
CNNVD
CNNVD
added 2021/12/13 12:0 a.m.4 views

lxml 注入漏洞

Lxml is a personal developer of Lxml can be interacted with Python for locating elements in Html. An injection vulnerability exists in versions of lxml prior to 4.6.5, which stems from the fact that HTML Cleaner allows the passage of certain carefully crafted scripted content, as well as scripted...

8.2CVSS7AI score0.02456EPSS
Exploits0References32
Positive Technologies
Positive Technologies
added 2021/12/12 12:0 a.m.4 views

PT-2021-6092 · Lxml +10 · Lxml +10

Name of the Vulnerable Software and Affected Versions: lxml versions prior to 4.6.5 Description: The HTML Cleaner in lxml.html allows certain crafted script content to pass through, as well as script content in SVG files embedded using data URIs. This can be exploited by a remote attacker to...

9.8CVSS6.7AI score0.57499EPSS
Exploits13References648
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.20 views

Mozilla Firefox Security Advisory (MFSA2015-149) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

5CVSS9.5AI score0.06058EPSS
Exploits1References3
OSV
OSV
added 2021/06/18 4:6 p.m.6 views

OPENSUSE-SU-2021:0895-1 Security update for htmldoc

This update for htmldoc fixes the following issues: Update to version 1.9.12 Fixed buffer-overflow CVE-2021-20308 boo1184424 Fixed a crash bug with 'data:' URIs and EPUB output Fixed several other crash bugs Fixed JPEG error handling Fixed some minor issues Removed the bundled libjpeg, libpng, an...

9.8CVSS9.5AI score0.02477EPSS
Exploits1References3
Rows per page
Query Builder