616 matches found
DSA-2537-1 typo3-src - several
Bulletin has no description...
OWASP Java HTML Sanitizer信息泄露漏洞
Bugtraq ID: 50748 CVE ID:CVE-2011-4457 Owasp-java-html-sanitizer是一款基于java的过滤HTML的应用,用于保护XSS。 当过滤内容与用户交互并且JavaScipt禁用时OWASP HTML Sanitizer存在漏洞,允许重定向或POST到任意URL。导致敏感信息泄露。 OWASP Java HTML Sanitizer 厂商解决方案 OWASP Java HTML Sanitizer r88已经修复此漏洞,建议用户下载使用: http://code.google.com/p/owasp-java-html-sanitiz...
CVE-2011-4457
OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...
Design/Logic Flaw
OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...
CVE-2011-4457
OWASP Java HTML Sanitizer (owasp-java-html-sanitizer) before version 88 is affected: when JavaScript is disabled, a crafted FORM element within a NOSCRIPT element can lead to information exposure by user-assisted remote interaction. The issue is fixed in r88; users should upgrade to that release....
CVE-2011-4457
OWASP HTML Sanitizer aka owasp-java-html-sanitizer before 88, when JavaScript is disabled, allows user-assisted remote attackers to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element...
USN-791-1: Moodle vulnerabilities
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...
DEBIAN-CVE-2008-5647
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...
Design/Logic Flaw
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...
CVE-2008-5647
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...
PYSEC-2008-7
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...
CVE-2008-5647
Unspecified vulnerability in the HTML sanitizer filter in Trac before 0.11.2 allows attackers to conduct phishing attacks via unknown attack vectors...
CVE-2008-5647
CVE-2008-5647 affects Trac prior to 0.11.2, due to an unspecified vulnerability in the HTML sanitizer filter that enables phishing attacks via unknown vectors. The description provides no explicit exploit details or available fixes; no remediation version is stated in the supplied documents.
CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content
More info at https://symfony.com/cve-2026-48761...
CVE-2026-45066: HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification
More info at https://symfony.com/cve-2026-45066...
CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content
More info at https://symfony.com/cve-2026-48761...