269 matches found

RedHat Linux
added 2016/11/15 11:40 a.m. | 1 view

php: Integer overflow in php_html_entities()

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function...

8.6 CVSS | 7.6 AI score | 0.02407 EPSS
Exploits: 0 | References: 4

CVE
added 2016/08/07 10:0 a.m. | 214 views

CVE-2016-5095

CVE-2016-5094 and CVE-2016-5095 are PHP integer-overflow issues in ext/standard/html.c (php_html_entities and php_escape_html_entities_ex). Affects PHP versions before 5.5.36 and 5.6.x before 5.6.22, enabling a remote attacker to cause a denial of service by triggering a large output string via h...

8.6 CVSS | 8.2 AI score | 0.00952 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2016/05/30 12:0 a.m. | 0 views

UBUNTU-CVE-2016-5094

Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from the htmlspecialchars function...

8.6 CVSS | 7.3 AI score | 0.02407 EPSS
Exploits: 0 | References: 4

OSV
added 2016/05/30 12:0 a.m. | 0 views

UBUNTU-CVE-2016-5095

Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a large output string from a FILTER_SANITIZE_FULL_SPECIAL_CHARS...

8.6 CVSS | 7.4 AI score | 0.00952 EPSS
Exploits: 0 | References: 4

Node.js
added 2016/05/05 9:21 p.m. | 31 views

Cross-Site Scripting

Overview: Affected versions of backbone are vulnerable to cross-site scripting when users are allowed to supply input to the ModelEscape function, and the output is then written to the DOM. The vulnerability occurs as a result of the regular expression used to encode metacharacters failing to take...

3.5 CVSS | 2.2 AI score | 0.00191 EPSS
Exploits: 0 | Affected Software: 1

Node.js
added 2016/04/18 4:26 p.m. | 66 views

Sanitization bypass using HTML Entities

Overview: Affected versions of marked are susceptible to a cross-site scripting vulnerability in link components when sanitize:true is configured. Proof of Concept: This flaw exists because link URIs containing HTML entities get processed in an abnormal manner. Any HTML Entities get parsed on a...

4.3 CVSS | 0.8 AI score | 0.00289 EPSS
Exploits: 1 | Affected Software: 1

myhack58
added 2016/03/02 12:0 a.m. | 13 views

How I found reflected, stored, and DOM-based vulnerabilities in the Google collaboration community (GWC) - Vulnerability warning - the black bar safety net

Google for Work Connect (GWC) is a community system for system and application administrators and partners, and it is also within Google's vulnerability reward range. Not long ago, I found reflected, stored, and DOM-based XSS in the GWC community system. The stored XSS in the GWC...

7.1 AI score
Exploits: 0

NVD
added 2016/02/07 11:59 a.m. | 15 views

CVE-2016-1305

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511...

6.1 CVSS | 6 AI score | 0.0025 EPSS
Exploits: 0 | References: 2

OSV
added 2016/02/07 11:59 a.m. | 2 views

CVE-2016-1305

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511...

6.1 CVSS | 5.9 AI score | 0.0025 EPSS
Exploits: 0 | References: 2

Prion
added 2016/02/07 11:59 a.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511...

4.3 CVSS | 6.1 AI score | 0.0025 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Cisco
added 2016/02/01 9:27 p.m. | 22 views

Cisco Application Policy Infrastructure Controller Enterprise Module Cross-Site Scripting Vulnerability

A vulnerability in the web framework of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient sanitization of HTML entities returned to...

4.3 CVSS | 6 AI score | 0.0025 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2015/12/16 12:0 a.m. | 35 views

Google Chrome Multiple Vulnerabilities-02 (Dec 2015) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:google:chrome"; if(description)...

10 CVSS | 9.2 AI score | 0.03176 EPSS
Exploits: 0 | References: 1

OpenVAS
added 2015/12/16 12:0 a.m. | 29 views

Google Chrome Multiple Vulnerabilities-02 (Dec 2015) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:google:chrome"; if(description)...

10 CVSS | 9.2 AI score | 0.03176 EPSS
Exploits: 0 | References: 1

CVE
added 2015/12/14 11:0 a.m. | 72 views

CVE-2015-6790

CVE-2015-6790 affects Google Chrome up to version 47.0.2526.80, where WebPageSerializerImpl::openTagToString does not properly escape HTML entities, enabling injection of arbitrary script or HTML via crafted documents. Debian security advisory DSA-3418-1 confirms the fix in Chrome 47.0.2526.80-1~...

4.3 CVSS | 8.1 AI score | 0.0094 EPSS
Exploits: 0 | References: 10 | Affected Software: 1

Cvelist
added 2015/12/14 11:0 a.m. | 24 views

CVE-2015-6790

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...

8.2 AI score | 0.0094 EPSS
Exploits: 0 | References: 10

Debian CVE
added 2015/12/14 11:0 a.m. | 33 views

CVE-2015-6790

Removed by vendor...

4.3 CVSS | 9.3 AI score | 0.0094 EPSS
Exploits: 0

RedHat Linux
added 2015/12/14 4:23 a.m. | 1 view

chromium-browser: Escaping issue in saved pages

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...

4.3 CVSS | 7.5 AI score | 0.0094 EPSS
Exploits: 0 | References: 5

UbuntuCve
added 2015/12/14 12:0 a.m. | 35 views

CVE-2015-6790

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...

4.3 CVSS | 7.3 AI score | 0.0094 EPSS
Exploits: 0 | References: 3

Atlassian
added 2015/09/01 2:42 p.m. | 21 views

change fontset 'icons' to html entities to improve security compliance

NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFSERVER-38988. It seems that the icons in Confluence are currently rendered using fontset. This can be an issue for organization...

Exploits: 0 | Affected Software: 1

Atlassian
added 2015/09/01 2:42 p.m. | 17 views

change fontset 'icons' to html entities to improve security compliance

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-38988. It seems that the icons in Confluence are currently rendered using fontset. This can be an issue for organization...

Exploits: 0 | Affected Software: 1