160 matches found
PT-2018-14219 · Google · Html Package
Name of the Vulnerable Software and Affected Versions: html package aka x/net/html versions through 2018-09-25 Description: The issue is related to the html package mishandling certain HTML inputs, such as , leading to a "panic: runtime error" index out of range in nodeStack.pop or...
Cross-Site Scripting (XSS)
qutebrowser is vulnerable to cross-site scripting attacks. The attack exists in the history command, qute://history page through which an attacker can inject malicious JavaScript to steal a user's browsing history when the user visits a page with an html input element as its title...
CVE-2017-16017
sanitize-html is a library for scrubbing html input for malicious values. Versions 1.2.2 and below have a cross site scripting vulnerability...
Cross site scripting
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...
Cross site scripting
sanitize-html is a library for scrubbing html input for malicious values. Versions 1.2.2 and below have a cross site scripting vulnerability...
CVE-2017-16017
sanitize-html is a library for scrubbing html input for malicious values. Versions 1.2.2 and below have a cross site scripting vulnerability...
CVE-2017-16017
The CVE-2017-16017 entry concerns the sanitize-html library where versions 1.2.2 and earlier are vulnerable to cross-site scripting (XSS). The root cause is inadequate sanitization allowing attacker-controlled HTML/input to induce XSS, as documented in multiple sources (e.g., OSV GHSA entry and n...
CVE-2017-16016
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...
CVE-2017-16017
sanitize-html is a library for scrubbing html input for malicious values. Versions 1.2.2 and below have a cross site scripting vulnerability...
UBUNTU-CVE-2012-6708
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...
Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2017-37090)
Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect versions 9.6.2 and earlier. The vulnerability occurs because the software fails to properly filter HTML code in user-supplied input before displaying it. A remote user...
CVE-2017-1000103
The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Cross site scripting
The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
KLA11049 Multiple vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions and spoof user interface. Below is a complete list of vulnerabilities: 1. An improper validating of input before loading...
MyBB 1.8.6 - Cross-Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyBB 1.8.6 Fixed in: 1.8.7 Fixed Version Link: http://resources.mybb.com/downloads/mybb1807.zip Vendor Website: http://www.mybb.com/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 01/29/2016 Disclosed...
MyBB 1.8.6 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: MyBB 1.8.6 Fixed in: 1.8.7 Fixed Version Link: http://resources.mybb.com/downloads/mybb1807.zip Vendor Website: http://www.mybb.com/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 01/29/2016 Disclosed...
[SECURITY] Fedora 22 Update: perl-HTML-Scrubber-0.15-1.fc22
If you wanna "scrub" or "sanitize" html input in a reliable and flexible fashion, then this module is for you. I wasn't satisfied with HTML::Sanitizer because it is based on HTML::TreeBuilder, so I thought I'd write something similar that works directly with HTML::Parser...
[SECURITY] Fedora 23 Update: perl-HTML-Scrubber-0.15-1.fc23
If you wanna "scrub" or "sanitize" html input in a reliable and flexible fashion, then this module is for you. I wasn't satisfied with HTML::Sanitizer because it is based on HTML::TreeBuilder, so I thought I'd write something similar that works directly with HTML::Parser...
Google Chrome Blink Memory Misreference Vulnerability (CNVD-2015-01547)
Google Chrome is a web browsing tool developed by Google. A use-after-free vulnerability exists in the core/html/HTMLInputElement.cpp file in the DOM implementation of Blink used in versions prior to Google Chrome 41.0.2272.76. A remote attacker can exploit this vulnerability to cause a denia...
UBUNTU-CVE-2015-1223
Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...