Lucene search
+L

616 matches found

Prion
Prion
added 2022/06/24 3:15 p.m.25 views

Design/Logic Flaw

Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...

4.3CVSS6.1AI score0.29316EPSS
Exploits1References4Affected Software3
UbuntuCve
UbuntuCve
added 2022/06/24 3:15 p.m.33 views

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...

6.1CVSS6.5AI score0.29316EPSS
Exploits1References4
OSV
OSV
added 2022/06/24 3:15 p.m.5 views

UBUNTU-CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...

6.1CVSS6.5AI score0.29316EPSS
Exploits1References5
OSV
OSV
added 2022/06/24 12:0 a.m.22 views

CVE-2022-32209

Possible XSS Vulnerability in Rails::Html::SanitizerThere is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.This vulnerability has been assigned the CVE identifier CVE-2022-32209.Versions Affected: ALLNot affected: NONEFixed Versions: v1.4.3 ImpactA possible XS...

6.1CVSS6AI score0.29316EPSS
Exploits1References7
OSV
OSV
added 2022/05/17 5:36 a.m.26 views

GHSA-PCM9-FP55-563V OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled

OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...

2.6CVSS5.7AI score0.01366EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/05/17 5:36 a.m.25 views

OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled

OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...

2.6CVSS6.2AI score0.01366EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2022/05/17 2:17 a.m.4 views

GHSA-WW53-WXXR-8F9W Trac has vulnerability in HTML sanitizer filter

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...

5.4CVSS6.1AI score0.0107EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/04/05 12:0 a.m.4 views

PT-2022-4877

Name of the Vulnerable Software and Affected Versions Rails::Html::Sanitizer versions prior to 1.4.3 Description The issue is related to the incorrect use of select and style elements when overriding allowed tags in the HTML sanitizer for Rails applications. This can allow a remote attacker to...

7.5CVSS6.3AI score0.29316EPSS
Exploits5References337
Positive Technologies
Positive Technologies
added 2022/01/23 12:0 a.m.5 views

PT-2022-7696 · Npm · @Marp-Team/Marp-Core

Name of the Vulnerable Software and Affected Versions: @marp-team/marp-core versions 3.0.2 through 3.9.0 @marp-team/marp-core version 4.0.0 Description: The issue is related to cross-site scripting XSS due to improper neutralization of HTML sanitization. This can allow an attacker to conduct...

5.3CVSS5.7AI score0.00307EPSS
Exploits0References14
OpenVAS
OpenVAS
added 2021/12/31 12:0 a.m.15 views

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2907)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.8AI score0.04002EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2021/12/27 12:0 a.m.5 views

Malicious code in lib-bb-html-sanitizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 74072bddc9908e0147976fde0680c197ac5b38167bfcdf14afc5f79f23749f72 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...

7.2AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2021/11/29 6:32 a.m.51 views

CVE-2021-42575

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

9.8CVSS1.2AI score0.02844EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2021/11/17 12:0 a.m.25 views

EulerOS Virtualization 2.9.1 : python-lxml (EulerOS-SA-2021-2732)

According to the versions of the python-lxml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and...

6.1CVSS7.6AI score0.04002EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2021/11/17 12:0 a.m.16 views

Huawei EulerOS: Security Advisory for python-lxml (EulerOS-SA-2021-2732)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.8AI score0.04002EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2021/10/19 8:15 p.m.4 views

br.com.jarch:jarch-apt (>=20.7.0 <=25.12.0), br.com.jarch:jarch-bpm (>=24.2.0 <=25.12.0) +301 more potentially affected by CVE-2021-42575 via com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer (>=1.1 <=20200713.1)

com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer MAVEN version =1.1, =20.7.0, =24.2.0, =20.7.0, =23.1.0, =24.2.0, =3.0.0.RELEASE, =3.0.3.RELEASE, =1.0.1, =4.12.1.1, =2.2.1, =7.2.0.1, =1.2.0, =1.2.4 and more Source cves: CVE-2021-42575 Source advisory: OSV:GHSA-3W73-FMF3-HG5C...

9.8CVSS6.7AI score0.02844EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/10/19 8:15 p.m.97 views

Policies not properly enforced in OWASP Java HTML Sanitizer

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

9.8CVSS0.7AI score0.02844EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/10/19 8:15 p.m.29 views

GHSA-3W73-FMF3-HG5C Policies not properly enforced in OWASP Java HTML Sanitizer

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

9.8CVSS9.3AI score0.02844EPSS
Exploits1References4
NVD
NVD
added 2021/10/18 3:15 p.m.23 views

CVE-2021-42575

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

9.8CVSS0.02844EPSS
Exploits1References3
Prion
Prion
added 2021/10/18 3:15 p.m.27 views

Design/Logic Flaw

The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...

7.5CVSS9.2AI score0.02844EPSS
Exploits1References3Affected Software3
CVE
CVE
added 2021/10/18 2:38 p.m.348 views

CVE-2021-42575

The IBM Jazz Reporting Service is affected by CVE-2021-42575 (OWASP Java HTML Sanitizer before 20211018.1 fails to properly enforce policies for SELECT, STYLE, and OPTION). Affected versions: 7.1, 7.0.3, 7.0.2. Remediation via IBM: apply the relevant iFix from Fix Central (7.1: iFix005; 7.0.3: iF...

9.8CVSS9.2AI score0.02844EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder