GHSA-XRQQ-WQH4-5HG2 svg-sanitizer has Cross-site Scripting Bypass
Update: In #88 we have determined that the bypass this security advisory was created for was a false positive, and as such we have requested that the CVE be rejected. A bypass has been found that allows an attacker to upload an SVG with persistent XSS. HTML elements within CDATA needed to be...
CVE-2023-28426
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion...
Yii Framework CmsInput Improper XSS Filter
Yii framework CmsInput extension 1 improper XSS sanitization + Discovered by: Jos Wetzels + Affects: Yii framework CmsInput extension xssClean($this->stripTags($str)); What happens is that stripTags is called on the user-supplied input before xssClean is called. stripTags is designed to eliminate all...
TinyShop SQL Injection 2
Brief description: a parameter is not filtered, leading to injection. Details: the problem is in /protected/controllers/ucenter.php: public function infosave() { $rules = array('name:required:昵称不能为空!','realname:required:真实姓名不能为空!','sex:int:性别必需选择!','birthday:date:生日日期格式不正确!','mobile:mobi:手机格式不正确','phone:phone:电话格式不正确'); $info = Validator::check($rules); if(is_array($info...
Fedora Update for php-htmlpurifier-htmlpurifier FEDORA-2014-9361
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Fedora Update for php-htmlpurifier-htmlpurifier FEDORA-2014-9379
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[PT-2013-63] Hash Length Extension in HTMLPurifier
----------------------------------------------------------- PT-2013-63 Positive Technologies Security Advisory Hash Length Extension in HTMLPurifier ----------------------------------------------------------- --- Vulnerable software HTMLPurifier Version: 4.5.0 and earlier Link:...
PT-2013-63: Hash Length Extension in HTMLPurifier
The specialists of the Positive Research center have detected a vulnerability in HTMLPurifier that allows attackers to carry out a "Hash Length Extension" attack. Class HTMLPurifier_URIFilter_Munge implements a URI filter that replaces all links with a formatted URL; for example, it can be used to...
CodeIgniter 2.1.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications This is a security advisory for the popular PHP framework CodeIgniter. I've found several bypasses in XSS sanitization functions in the framework. These were responsibly disclosed to the vendor and are now fixed in version 2.1.2. CVE-2012-1915...
CodeIgniter 2.1.1 Cross Site Scripting Bypass
This is a security advisory for the popular PHP framework CodeIgniter. I've found several bypasses in XSS sanitization functions in the framework. These were responsibly disclosed to the vendor and are now fixed in version 2.1.2. CVE-2012-1915. Affected products ============== CodeIgniter <= 2.1.1 P...
XSS vulnerability exploitable on Internet Explorer
More info at http://htmlpurifier.org/news/2010/0531-4.1.1-released...