CVE-2022-23494
Removed by vendor...
Ruby on Rails: ActionView sanitize helper bypass leading to XSS using SVG tag.
An HTML sanitization bypass vulnerability was discovered in the ActionView sanitize helper. This allowed an attacker to bypass sanitization and execute cross-site scripting (XSS) attacks by using the <use> tag of the SVG element. By embedding a base64-encoded SVG with malicious code, an attacker coul...
jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled
jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow cross-site scripting (XSS) attacks when a reader subsequently clicks that link. If the non-default SafeList.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted wi...
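The two bypass classes above (a javascript: URL padded with control characters that a relative-link-preserving safelist lets through, and an SVG use element whose href pulls in a data: URL) both come down to how a sanitizer normalises and checks URL-valued attributes. Below is an added example of such a check, written for this page; it is not code from rails-html-sanitizer, Loofah or jsoup, and the helper names (normalize_url, url_scheme, safe_url?, safe_use_href?, keep_attribute?) and the scheme allowlist are assumptions chosen here. It assumes attribute values have already been HTML-entity-decoded by the parser, as they are when a scrubber sees a parsed attribute node.

```ruby
# Added example (not rails-html-sanitizer, Loofah or jsoup code): a URL-attribute
# check that survives the two bypass classes above. Helper names and the scheme
# allowlist are assumptions made for this illustration.

SAFE_SCHEMES = %w[http https mailto].freeze      # assumed allowlist
URL_ATTRIBUTES = %w[href src xlink:href].freeze

# Browsers ignore ASCII control characters and leading/trailing whitespace when
# reading a URL scheme, so "java\u0000script:" and " \tjavascript:" both run as
# javascript:. Remove the same characters before inspecting the scheme.
# Assumes the value was already HTML-entity-decoded by the parser.
def normalize_url(value)
  value.to_s.gsub(/[\u0000-\u001F\u007F]/, "").strip
end

# Scheme in lower case, or nil for a relative URL. The scheme must start at the
# first character and run up to the first ':', so "foo/bar:baz" is relative.
def url_scheme(value)
  m = normalize_url(value).match(/\A([a-z][a-z0-9+.\-]*):/i)
  m && m[1].downcase
end

# Allowlist by scheme; relative links (no scheme) are kept only if asked for,
# which is the trade-off the jsoup preserveRelativeLinks option exposes.
def safe_url?(value, allow_relative: true)
  scheme = url_scheme(value)
  return allow_relative if scheme.nil?
  SAFE_SCHEMES.include?(scheme)
end

# An SVG <use> element pulls in whatever its href points at, so a data: URL or
# an external document must not pass. Accept only same-document fragment ids.
def safe_use_href?(value)
  normalize_url(value).match?(/\A#[\w.\-]+\z/)
end

# Per-attribute decision of the kind a scrubber makes for each (tag, name, value).
def keep_attribute?(tag, name, value)
  n = name.downcase
  if tag.downcase == "use" && %w[href xlink:href].include?(n)
    safe_use_href?(value)
  elsif URL_ATTRIBUTES.include?(n)
    safe_url?(value)
  else
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs covering both bypass shapes.
  [["a", "href", "https://example.com/"],
   ["a", "href", "java\u0000script:alert(1)"],
   ["a", "href", " \tJaVaScRiPt:alert(1)"],
   ["use", "xlink:href", "#icon-ok"],
   ["use", "xlink:href", "data:image/svg+xml;base64,PHN2Zz48L3N2Zz4="]].each do |tag, name, value|
    puts "#{tag}[#{name}]=#{value.inspect} -> #{keep_attribute?(tag, name, value) ? 'keep' : 'drop'}"
  end
end
```

The order matters: normalise first, then classify by scheme, then apply the allowlist. A check that looks for the literal string "javascript:" before stripping control characters is exactly what the crafted URLs in the jsoup entry get past.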
Ruby on Rails: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)
I have confirmed that ReDoS occurs on Rails::Html::PermitScrubber.scrub_attribute. https://github.com/rails/rails-html-sanitizer/blob/v1.4.3/lib/rails/html/scrubbers.rb#L134 (ruby) def scrub_attribute(node, attr_node) attr_name = if attr_node.namespace "#{attr_node.namespace.prefix}:#{attr_node.node_name}" else...
Fedora: Security Advisory for rubygem-rails-html-sanitizer (FEDORA-2022-ce4719993c)
The remote host is missing an update for the rubygem-rails-html-sanitizer package (FEDORA-2022-ce4719993c). Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for rubygem-rails-html-sanitizer (FEDORA-2022-974fffb418)
The remote host is missing an update for the rubygem-rails-html-sanitizer package (FEDORA-2022-974fffb418). Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 35 Update: rubygem-rails-html-sanitizer-1.4.3-1.fc35
HTML sanitization for Rails applications...
[SECURITY] Fedora 36 Update: rubygem-rails-html-sanitizer-1.4.3-1.fc36
HTML sanitization for Rails applications...
CVE-2022-31136
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize HTML being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as...
A vulnerability in the Mozilla Firefox browser, caused by errors in HTML sanitization, allows an attacker to compromise the integrity of protected information.
The vulnerability in the Mozilla Firefox browser is caused by errors in HTML sanitization. Exploiting it can allow an attacker to compromise the integrity of protected information...
GHSA-RM89-9G65-4FFR Insufficient HTML Sanitization
Impact: Affected versions can have malicious JavaScript code injected into the user's browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before being displayed in various front-end views. The problem stems from multiple issues: - Insufficient...
Cross-site Scripting (XSS)
Moodle is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of HTML in the overview section, allowing an attacker to inject a maliciously crafted script via the message preview...
GHSA-3XJQ-8J89-XRW9 Jenkins Badge Plugin cross-site scripting vulnerability
A persisted cross-site scripting vulnerability exists in Jenkins Badge Plugin 1.4 and earlier in BadgeSummaryAction.java, HtmlBadgeAction.java that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user...
CVE-2022-0427
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf leading to potential account takeover...
CVE-2022-0427
CVE-2022-0427 affects GitLab CE/EE (all versions since 14.5) due to missing sanitization of HTML attributes in Jupyter notebooks. The underlying issue can let an attacker cause arbitrary HTTP POST requests on behalf of an affected user, enabling potential account takeover. Exploitation details, a...
Remote Code Execution (RCE)
CKEditor4 is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of malformed HTML, allowing an attacker to inject a maliciously crafted script...
[SECURITY] Fedora 35 Update: rust-ammonia-3.1.3-1.fc35
HTML Sanitization...
[SECURITY] Fedora 34 Update: rust-ammonia-3.1.3-1.fc34
HTML Sanitization...