616 matches found
Design/Logic Flaw
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
UBUNTU-CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
CVE-2022-32209
Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...
GHSA-PCM9-FP55-563V OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...
GHSA-WW53-WXXR-8F9W Trac has vulnerability in HTML sanitizer filter
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...
PT-2022-4877
Name of the Vulnerable Software and Affected Versions Rails::Html::Sanitizer versions prior to 1.4.3 Description The issue is related to the incorrect use of select and style elements when overriding allowed tags in the HTML sanitizer for Rails applications. This can allow a remote attacker to...
PT-2022-7696 · Npm · @Marp-Team/Marp-Core
Name of the Vulnerable Software and Affected Versions: @marp-team/marp-core versions 3.0.2 through 3.9.0 @marp-team/marp-core version 4.0.0 Description: The issue is related to cross-site scripting XSS due to improper neutralization of HTML sanitization. This can allow an attacker to conduct...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2907)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious code in lib-bb-html-sanitizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 74072bddc9908e0147976fde0680c197ac5b38167bfcdf14afc5f79f23749f72 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
EulerOS Virtualization 2.9.1 : python-lxml (EulerOS-SA-2021-2732)
According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...
Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2732)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
br.com.jarch:jarch-apt (>=20.7.0 <=25.12.0), br.com.jarch:jarch-bpm (>=24.2.0 <=25.12.0) +301 more potentially affected by CVE-2021-42575 via com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (>=1.1 <=20200713.1)
com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer MAVEN version =1.1, =20.7.0, =24.2.0, =20.7.0, =23.1.0, =24.2.0, =3.0.0.RELEASE, =3.0.3.RELEASE, =1.0.1, =4.12.1.1, =2.2.1, =7.2.0.1, =1.2.0, =1.2.4 and more Source cves: CVE-2021-42575 Source advisory: OSV:GHSA-3W73-FMF3-HG5C...
Policies not properly enforced in OWASP Java HTML Sanitizer
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
GHSA-3W73-FMF3-HG5C Policies not properly enforced in OWASP Java HTML Sanitizer
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42575
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
Design/Logic Flaw
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42575
The IBM Jazz Reporting Service is affected by CVE-2021-42575 (OWASP Java HTML Sanitizer before 20211018.1 fails to properly enforce policies for SELECT, STYLE, and OPTION). Affected versions: 7.1, 7.0.3, 7.0.2. Remediation via IBM: apply the relevant iFix from Fix Central (7.1: iFix005; 7.0.3: iF...