
445 matches found

NVD
added 2019/07/30 9:15 p.m. · 18 views

CVE-2019-5450

Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed the directory name shown in the header bar to be styled with basic HTML...

CVSS 6.8 · AI score 6.4 · EPSS 0.00136
Exploits 1 · References 1
CVE
added 2019/07/30 8:35 p.m. · 56 views

CVE-2019-5450

The CVE-2019-5450 entry concerns the Nextcloud Android app prior to version 3.7.0, where improper sanitization of HTML in directory names allowed styling in the header bar via basic HTML. Connected sources corroborate this as a Nextcloud Android client issue and include a public report describing...

CVSS 6.8 · AI score 6.4 · EPSS 0.00136
Exploits 1 · References 1 · Affected Software 1
Veracode
added 2019/07/24 7:30 a.m. · 6 views

Cross-site Scripting (XSS)

stackable.js is vulnerable to Cross-Site Scripting. The library does not sanitize the output properly when constructing the HTML from the existing elements, allowing an attacker to use a malicious payload to execute arbitrary JavaScript code...

AI score 7
Exploits 0
Node.js
added 2019/07/02 9:11 p.m. · 15 views

Cross-Site Scripting

Overview: All versions of bleach are vulnerable to Cross-Site Scripting. It is possible to bypass the package's HTML sanitization with payloads such as <script>alert('xss');</script> regardless of the passed options. This may allow attackers to execute arbitrary JavaScript in the victim's browser...

AI score 7.2
Exploits 0 · Affected Software 1
Positive Technologies
added 2019/03/27 12:00 a.m. · 4 views

PT-2019-6379 · Red Hat +3 · Hibernate Validator +3

Name of the Vulnerable Software and Affected Versions: Hibernate Validator (affected versions not specified). Description: The issue is related to the SafeHtml validator in Hibernate Validator, which fails to properly sanitize HTML content. This can lead to an XSS attack when an attacker sends...

CVSS 10 · AI score 7.5 · EPSS 0.92
Exploits 24 · References 560
OSV
added 2018/11/27 2:29 p.m. · 2 views

CVE-2018-16096

In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting...

CVSS 6.1 · AI score 5.3 · EPSS 0.00301
Exploits 0 · References 1
CVE
added 2018/11/27 2:00 p.m. · 42 views

CVE-2018-16096

The CVE-2018-16096 issue affects Lenovo System Management Module (SMM) firmware versions prior to 1.06, where the SMM web interface for changing Enclosure VPD fails to sanitize all HTML input, creating a cross-site scripting risk. The vulnerability is documented alongside other SMM flaws in Lenovo LEN-...

CVSS 6.1 · AI score 6.4 · EPSS 0.00301
Exploits 0 · References 1 · Affected Software 1
OSV
added 2018/11/09 5:49 p.m. · 11 views

GHSA-HFJ4-96F7-6R5G Cross-Site Scripting in html-janitor

Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS). This is exploitable if user-controlled data is passed into the module's clean function. Recommendation: No fix is currently available for this vulnerability. It is recommended to use an...

CVSS 6.1 · AI score 5.9 · EPSS 0.0022
Exploits 1 · References 5
Github Security Blog
added 2018/11/09 5:49 p.m. · 23 views

Cross-Site Scripting in html-janitor

Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS). This is exploitable if user-controlled data is passed into the module's clean function. Recommendation: No fix is currently available for this vulnerability. It is recommended to use an...

CVSS 6.1 · AI score 1.5 · EPSS 0.0022
Exploits 1 · References 5 · Affected Software 1
Node.js
added 2018/04/24 2:21 p.m. · 20 views

Cross-Site Scripting

Overview: Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS). This is exploitable if user-controlled data is passed into the module's clean function. Recommendation: No fix is currently available for this vulnerability. It is recommended to use an...

CVSS 4.3 · AI score 1.8 · EPSS 0.0022
Exploits 1 · Affected Software 1
OSV
added 2018/03/30 7:29 p.m. · 1 view

DEBIAN-CVE-2018-3740

A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...

CVSS 7.5 · AI score 8.1 · EPSS 0.00263
Exploits 0 · References 1
OSV
added 2018/03/18 6:29 a.m. · 21 views

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVSS 7.8 · AI score 7.1
Exploits 0 · References 2
UbuntuCve
added 2018/03/18 6:29 a.m. · 30 views

CVE-2018-8768

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVSS 7.8 · AI score 7.2 · EPSS 0.0011
Exploits 0 · References 5
OSV
added 2018/03/18 6:29 a.m. · 24 views

PYSEC-2018-57

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVSS 7.8 · AI score 0.7 · EPSS 0.0011
Exploits 0 · References 3
Prion
added 2018/03/18 6:29 a.m. · 20 views

Design/Logic Flaw

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...

CVSS 6.8 · AI score 7.5 · EPSS 0.0011
Exploits 0 · References 2 · Affected Software 1
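Several entries above describe the same two sanitizer failure modes: a tag or attribute that should never have survived does (the bleach and html-janitor bypasses, and the Sanitize gem letting a non-whitelisted attribute through on a whitelisted element), and output that re-parses to a different tree than the one that was cleaned (the Jupyter Notebook entry, where jQuery "fixes" invalid HTML after sanitization). The following is an added example, not code from this page or from any of the projects listed on it, showing the shape of a sanitizer that addresses both: an allowlist of elements, each with its own attribute allowlist, URL-scheme checking on href/src, serialization from the parsed tree so the output is always well-formed, and an idempotence check (sanitize twice, compare) that is the cheapest regression test for the sanitize-then-reparse class of bug. The allowlist, the helper names and the sample inputs are this example's own choices; it uses only the Python standard library (html.parser), which is not a browser's parser, so in production you would run the same idempotence check against a maintained, browser-aware sanitizer rather than ship this one.

```python
"""Allowlist HTML sanitizer on the Python standard library, plus the
idempotence check that catches sanitize-then-reparse bugs.

Added example; not code from any project on this page. The allowlist
below is illustrative, not a vetted production policy.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Elements we keep, mapped to the attributes we keep *on that element*.
# Everything else is dropped: no <script>/<style>, no on* handlers, and
# no attribute that is only allowed on some other element.
ALLOWED = {
    "a": {"href", "title"},
    "img": {"src", "alt"},
    "b": set(), "i": set(), "em": set(), "strong": set(), "code": set(),
    "p": set(), "br": set(), "ul": set(), "ol": set(), "li": set(),
}
VOID = {"br", "img"}                              # never get a closing tag
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"", "http", "https", "mailto"}    # "" = relative URL
DROP_WITH_CONTENT = {"script", "style"}           # tag *and* its text go


def _safe_url(value):
    """Reject javascript:, data:, vbscript: ... even when obfuscated.

    Whitespace and control characters are removed before the scheme is
    read, because browsers tolerate "java\tscript:" and "\njavascript:".
    html.parser has already decoded entities such as &#x6A; for us.
    """
    cleaned = "".join(c for c in value if c.isprintable() and not c.isspace())
    return urlsplit(cleaned).scheme.lower() in SAFE_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.stack = []          # allowed elements currently open, in order
        self.skipping = False    # inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if self.skipping:
            return
        if tag in DROP_WITH_CONTENT:
            self.skipping = True
            return
        if tag not in ALLOWED:
            return               # unknown element: drop the tag, keep its text
        kept = []
        for name, value in attrs:
            if name not in ALLOWED[tag]:
                continue         # covers every on* handler and style=
            value = value or ""
            if name in URL_ATTRS and not _safe_url(value):
                continue
            kept.append(' %s="%s"' % (name, escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if self.skipping:
            self.skipping = tag not in DROP_WITH_CONTENT
            return
        if tag in self.stack:
            # Close everything opened after it too, so the output is
            # always properly nested and re-parses to the same tree.
            while self.stack:
                closed = self.stack.pop()
                self.out.append("</%s>" % closed)
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))

    # Comments, doctypes and processing instructions are dropped: the
    # base class does nothing with them and we never emit them.

    def result(self):
        self.close()
        while self.stack:        # close anything the input left open
            self.out.append("</%s>" % self.stack.pop())
        return "".join(self.out)


def sanitize(fragment):
    """Return a serialized fragment containing only allowlisted markup."""
    parser = _Sanitizer()
    parser.feed(fragment)
    return parser.result()


def is_idempotent(fragment):
    """sanitize(sanitize(x)) must equal sanitize(x).

    If it does not, the serialized output re-parses to a different tree
    than the one that was cleaned: the gap the Jupyter entry describes.
    """
    once = sanitize(fragment)
    return sanitize(once) == once


# Constructed sample inputs (not taken from any advisory on this page).
SAMPLES = [
    "<p>Hello <b>world</b></p>",
    "<script>alert('xss');</script><p>ok</p>",
    "<img src=x onerror=alert(1)>",
    '<a href="javascript:alert(1)">x</a>',
    '<a href="JaVa\tscript:alert(1)" onclick="evil()">x</a>',
    "<b>bold<i>both</b>plain",
    "&lt;script&gt;alert(1)&lt;/script&gt;",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%r -> %r (idempotent=%s)" % (sample, sanitize(sample), is_idempotent(sample)))
```

The attribute loop is keyed on the element, which is the point of the Sanitize gem entry: "href is allowed" must mean "href is allowed on a", not "href is allowed anywhere". The idempotence check is worth keeping as a unit test against whatever sanitizer you actually deploy, fed with malformed and entity-encoded inputs, since a sanitizer whose output changes on a second pass is one whose output a browser will also read differently.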
OSV
added 2018/01/26 2:29 a.m. · 22 views

CVE-2017-1000386

Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Acti...

CVSS 5.4 · AI score 5.7
Exploits 0 · References 2
Hacker One
added 2018/01/25 9:27 p.m. · 283 views

Node.js third-party modules: [metascraper] Stored XSS in Open Graph meta properties read by metascraper

Hi Guys, metascraper is vulnerable to Stored XSS via Open Graph metadata, if they are used in HTML without any sanitization. Module: A library to easily scrape metadata from an article on the web using Open Graph metadata, regular HTML metadata, and series of fallbacks...

CVSS 4.3 · AI score 5.7 · EPSS 0.00268
Exploits 1
Prion
added 2017/06/15 1:29 a.m. · 14 views

Spoofing

A spoofing vulnerability exists when Microsoft Outlook for Mac does not sanitize HTML properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability"...

CVSS 4.3 · AI score 6.5 · EPSS 0.13057
Exploits 0 · References 3 · Affected Software 1
Kitploit
added 2017/04/05 2:25 p.m. · 85 views

morty - Privacy aware web content sanitizer proxy as a service

Web content sanitizer proxy as a service. Morty rewrites web pages to exclude malicious HTML tags and attributes. It also replaces external resource references to prevent third-party information leaks. The main goal of morty is to provide a result proxy for searx, but it can be used as a...

AI score 6.8
Exploits 0 · References 2
Hacker One
added 2017/01/23 9:23 a.m. · 18 views

Open-Xchange: Incomplete HTML sanitization + Session id leaking + private information disclosure

Hello, I have found a chain of events that leads to session id leaking, which can then be used to gather private data about other inboxes added to the account / login id and some other info. Unfortunately for me I wasn't able to make a hostile account takeover because of your session id + cookie...

AI score 7
Exploits 0