249 matches found
CVE-2018-3740
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element...
CVE-2018-9031
Affected product: TNLSoftSolutions Sentry Vision 3.x devices. Vulnerability: Password disclosure through the login page by reading the HTML source line containing the pattern if(pwd ==. This effectively makes authentication rely on client-side logic, exposing passwords. Impact (as stated): Passwo...
CVE-2018-7196
Cross-site scripting (XSS) vulnerability in /scp/index.php in Enhancesoft osTicket before 1.10.2 allows remote attackers to inject arbitrary web script or HTML via the "sort" parameter...
CVE-2018-6196
w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value...
rails-html-sanitizer Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...
CVE-2017-1000102
The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert...
CVE-2017-2285
The CVE affects WordPress plugin Simple Custom CSS and JS prior to version 3.4. A reflected cross-site scripting (CWE-79) vulnerability allows an attacker to inject arbitrary script, potentially executing in a logged-in user’s browser. The exact attack vectors aren’t specified in the provided doc...
CVE-2016-9119
Removed by vendor...
Cross-Site Scripting (XSS)
Invenio is vulnerable to cross-site scripting (XSS) attacks. It is exploitable because the main flash messages are displayed as HTML by default...
w3m denial of service vulnerability (CNVD-2016-13129)
w3m is an open source text-based Web browser. A denial of service vulnerability exists in w3m. A remote attacker could cause a denial of service via a crafted HTML page...
CVE-2016-9424
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. w3m doesn't properly validate the value of tag attribute, which allows remote attackers to cause a denial of service (heap buffer overflow crash) and possibly execute arbitrary code via a crafted HTML page...
CVE-2016-9425
CVE-2016-9425 concerns the w3m fork by Tatsuya Kinoshita prior to 0.5.3-31. It describes a heap-based buffer overflow in addMultirowsForm that can be triggered by a crafted HTML page, enabling a remote attacker to crash the process and potentially execute arbitrary code. The vulnerability is conf...
Brave Software: DOS in browser using window.print() function
Open the attached HTML PoC in the browser; the print window will appear again and again, causing DoS...
PT-2023-26336 · W3M +3
Name of the Vulnerable Software and Affected Versions: w3m (affected versions not specified). Description: An out-of-bounds read flaw was found in the Strnew_size function in Str.c, which may allow an attacker to cause a denial of service through a crafted HTML file. Recommendations: At the moment,...
CVE-2015-5375
Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web scrip...
Mandriva Linux Security Advisory : python-lxml (MDVSA-2015:112)
Updated python-lxml packages fix security vulnerability: The clean_html function, provided by the lxml.html.clean module, did not properly clean HTML input if it included non-printed characters (\x01-\x08). A remote attacker could use this flaw to serve malicious content to an application using the...
Microsoft Windows Adobe Font Driver Buffer Overflow Vulnerability
Microsoft Windows is an operating system developed by Microsoft. Microsoft Windows Adobe Font Driver does not properly handle specially crafted files or HTML, allowing attackers to exploit the vulnerability for buffer overflow attacks that can crash applications or execute arbitrary code...
Microsoft Windows Adobe Font Driver Buffer Overflow Vulnerability (CNVD-2015-01624)
Microsoft Windows is an operating system developed by Microsoft. A security vulnerability exists in Microsoft Windows Adobe due to a failure of the font driver to properly handle specially crafted files or HTML, which allows attackers to exploit the vulnerability for buffer overflow attacks that...
Microsoft Windows Adobe Font Driver Denial of Service Vulnerability
Microsoft Windows is an operating system developed by Microsoft. Microsoft Windows Adobe Font Driver fails to properly handle specially crafted files or HTML, allowing attackers to exploit the vulnerability to trigger memory allocation errors and conduct denial of service attacks...
CVE-2014-100037
Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to archives/...