Lucene search
+L

616 matches found

OSV
OSV
added 2012/08/30 12:0 a.m.75 views

DSA-2537-1 typo3-src - several

Bulletin has no description...

4.6CVSS6AI score0.0212EPSS
Exploits1
seebug.org
seebug.org
added 2011/11/22 12:0 a.m.66 views

OWASP Java HTML Sanitizer信息泄露漏洞

Bugtraq ID: 50748 CVE ID:CVE-2011-4457 Owasp-java-html-sanitizer是一款基于java的过滤HTML的应用,用于保护XSS。 当过滤内容与用户交互并且JavaScipt禁用时OWASP HTML Sanitizer存在漏洞,允许重定向或POST到任意URL。导致敏感信息泄露。 OWASP Java HTML Sanitizer 厂商解决方案 OWASP Java HTML Sanitizer r88已经修复此漏洞,建议用户下载使用: http://code.google.com/p/owasp-java-html-sanitiz...

2.6CVSS6.5AI score0.01366EPSS
Exploits1
NVD
NVD
added 2011/11/17 11:55 p.m.17 views

CVE-2011-4457

OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...

2.6CVSS5.9AI score0.01366EPSS
Exploits1References2
Prion
Prion
added 2011/11/17 11:55 p.m.15 views

Design/Logic Flaw

OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...

2.6CVSS6.5AI score0.01366EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2011/11/17 11:0 p.m.63 views

CVE-2011-4457

OWASP Java HTML Sanitizer (owasp-java-html-sanitizer) before version 88 is affected: when JavaScript is disabled, a crafted FORM element within a NOSCRIPT element can lead to information exposure by user-assisted remote interaction. The issue is fixed in r88; users should upgrade to that release....

2.6CVSS6AI score0.01366EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2011/11/17 11:0 p.m.23 views

CVE-2011-4457

OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...

5.9AI score0.01366EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2009/06/24 8:0 p.m.109 views

USN-791-1: Moodle vulnerabilities

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...

10CVSS8.3AI score0.54003EPSS
Exploits23
OSV
OSV
added 2008/12/17 6:30 p.m.4 views

DEBIAN-CVE-2008-5647

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...

5CVSS6.4AI score0.0107EPSS
Exploits0References1
Prion
Prion
added 2008/12/17 6:30 p.m.13 views

Design/Logic Flaw

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...

5CVSS6.8AI score0.0107EPSS
Exploits0References5Affected Software1
UbuntuCve
UbuntuCve
added 2008/12/17 6:30 p.m.17 views

CVE-2008-5647

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...

5CVSS5.9AI score0.0107EPSS
Exploits0References2
OSV
OSV
added 2008/12/17 6:30 p.m.20 views

PYSEC-2008-7

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...

5CVSS4.8AI score0.0107EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2008/12/17 6:0 p.m.43 views

CVE-2008-5647

Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...

5CVSS4.8AI score0.0107EPSS
Exploits0
CVE
CVE
added 2008/12/17 6:0 p.m.47 views

CVE-2008-5647

CVE-2008-5647 affects Trac prior to 0.11.2, due to an unspecified vulnerability in the HTML sanitizer filter that enables phishing attacks via unknown vectors. The description provides no explicit exploit details or available fixes; no remediation version is stated in the supplied documents.

5CVSS6.1AI score0.0107EPSS
Exploits0References5Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.16 views

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

6.1CVSS5.8AI score0.00268EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

More info at https://symfony.com/cve-2026-45066...

6.1CVSS5.8AI score0.0029EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

6.1CVSS5.8AI score0.00268EPSS
Exploits0Affected Software1
Rows per page
Query Builder