CVE-2022-48345
sanitize-url aka @braintree/sanitize-url before 6.0.2 allows XSS via HTML entities...
CVE-2022-48345
CVE-2022-48345 affects sanitize-url (aka @braintree/sanitize-url) before 6.0.2, allowing XSS via HTML entities. Public references show fixes moving to 6.0.2+ (e.g., commit and release notes comparing 6.0.1 → 6.0.2). Remediation: upgrade to 6.0.2 or later.
Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the missing conversion for HTML entities in Faq.php, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to the missing conversion for HTML entities in report.view.php, allowing an attacker to inject and execute malicious JavaScript through the FAQ-Proposal, which leads to an admin account takeover...
SUSE CVE-2006-5465
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions...
SUSE CVE-2008-5557
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
SUSE CVE-2016-5094
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function...
SUSE CVE-2016-5095
Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS...
SUSE CVE-2019-11763
Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML...
SUSE CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.strip_tags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to missing conversions of HTML entities in the library, allowing an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
phpmyfaq is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input before converting to HTML entities, which allows an attacker to inject and execute malicious code on the target system...
Cross-Site Scripting (XSS)
thorsten/phpmyfaq is vulnerable to stored cross-site scripting. The vulnerability exists in multiple functions due to missing escape strings in the HTML entities which allows an attacker to inject and execute malicious JavaScript...
Cross-Site Scripting (XSS)
phpmyfaq is vulnerable to cross-site scripting. The vulnerability is due to index.php missing safe conversion to HTML entities which allows an attacker to inject and execute malicious JavaScript...
Cross-site Scripting (XSS)
com.liferay:com.liferay.announcements.web is vulnerable to cross-site scripting (XSS). The library does not properly escape HTML entities in search-container-column-text in view.jsp, which allows an attacker to inject and execute malicious JavaScript...
USN-5181-1 jqueryui vulnerability
It was discovered that jQuery UI did not properly validate the values from untrusted sources. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and Ubuntu 20.4 ESM. CVE-2021-41184 It was discovered that jQuery U...
CVE-2022-34912
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped...
CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...