121 matches found
Rocky Linux 8 : python-lxml (RLSA-2022:1932)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1932 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content...
Rocky Linux 8 : python39:3.9 and python39-devel:3.9 (RLSA-2022:1763)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:1763 advisory. - lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content...
Rocky Linux 8 : python27:2.7 (RLSA-2022:1821)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1821 advisory. - There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client such as web browser...
XWiki 4.2-milestone-1 < 14.6 XSS Vulnerability (GHSA-m3jr-cvhj-f35j)
XWiki is prone to a cross-site scripting (XSS) vulnerability.
PT-2023-4253 · Unknown +2 · Htmlcleaner +2
Name of the Vulnerable Software and Affected Versions: HtmlCleaner versions 2.28 and earlier Description: The issue allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. It is related to a buffer overflow in memory, which ca...
Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
Impact The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. As a consequence, any code relying on this "restricte...
CVE-2023-29528
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
Cross site scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
CVE-2023-29528 Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
CVE-2023-29528
CVE-2023-29528 concerns XWiki Commons: the historic “restricted” HTML cleaning mode could be bypassed via invalid HTML comments, enabling cross-site scripting and potentially server-side code execution with programming rights when a privileged user views a crafted comment. Root cause is the HTML ...
CVE-2023-29528 Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting...
PT-2023-8608 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 4.2-milestone-1 through 14.10 Description: The issue concerns the "restricted" mode of the HTML cleaner in XWiki, which allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. This...
CVE-2023-29201
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...
Cross site scripting
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...
CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...
CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...
CVE-2023-29201 org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . ...
CVE-2023-29201
XWiki Commons (org.xwiki.commons:xwiki-commons-xml) is affected by an XSS vulnerability in the HTML cleaner’s restricted mode introduced in 4.2-milestone-1. The restricted mode only escaped [removed] and tags, but did not escape dangerous attributes or other HTML elements (e.g., iframe), enablin...
GHSA-M3JR-CVHJ-F35J org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
Impact The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . As a consequence, any code relying on this "restricted" mode for security is...
org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
Impact The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped and -tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like . As a consequence, any code relying on this "restricted" mode for security is...