90 matches found
GHSA-C5C9-8C6M-727V Cross-Site Scripting via Rich-Text Content
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...
Cross-Site Scripting via Rich-Text Content
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC 5.7 Problem Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via...
CVE-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
CVE-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
Cross site scripting
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
CVE-2021-32768
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
CVE-2021-32768 Cross-Site Scripting via Rich-Text Content
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding...
Cross-Site Scripting via Rich-Text Content
Failing to properly parse, sanitize and encode malicious rich-text content, the content rendering process in the website frontend is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag ...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service DoS. The vulnerability exists in the htmlParseTryOrFinish function in HTMLparser.c due to buffer-over-read, allowing an attacker to crash the application...
Django: the behavior of the underlying HTMLParser leading to DoS
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
[SECURITY] [DLA 1872-1] python-django security update
Package : python-django Version : 1.7.11-1+deb8u7 CVE IDs : CVE-2019-14232 CVE-2019-14233 Debian Bug : 934026 It was discovered that there were two vulnerabilities in the Django web development framework: CVE-2019-14232: Prevent a possible denial-of-service in django.utils.text.Truncator. If...
Django Denial-of-service in strip_tags()
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
[ASA-201908-3] python2-django: multiple issues
Arch Linux Security Advisory ASA-201908-3 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1014...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
ALPINE-CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
Design/Logic Flaw
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
PYSEC-2019-82
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2019-14233
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2019-14233
CVE-2019-14233 affects Django up to version 2.2.x before 2.2.4 (and earlier branches) where django.utils.html.strip_tags() could recurse excessively due to HTMLParser behavior when handling incomplete HTML entities, leading to denial-of-service. Connected advisories show fixes across multiple dis...