59 matches found

Github Security Blog
added 2026/05/27 8:04 p.m. · 6 views

Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

Description: Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse used by UrlSanitizer::sanitize and therefore by every HtmlSanitizer config that allows links or media accepts URLs that contain Unicode explicit-direction BiDi formatting characters: U+202A–U+202E LRE / RLE / PDF / LRO ...

AI score 5.9
Exploits 0 · References 6 · Affected software 2
OSV
added 2026/05/27 8:04 p.m. · 1 view

GHSA-H5VQ-QFCG-4M6P Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

Description: Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse used by UrlSanitizer::sanitize and therefore by every HtmlSanitizer config that allows links or media accepts URLs that contain Unicode explicit-direction BiDi formatting characters: U+202A–U+202E LRE / RLE / PDF / LRO ...

CVSS 6.9 · AI score 5.9
Exploits 0 · References 6
Snyk
added 2026/05/27 9:41 a.m. · 5 views

Improper Encoding or Escaping of Output

Overview: symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the HtmlSanitizer component that fails to properly detect and strip percent-encoded BiDi...

CVSS 5.3 · AI score 5.8
Exploits 0 · References 2
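The three Symfony entries above describe one defect from two angles: raw BiDi formatting characters accepted inside a URL attribute, and the percent-encoded form of the same characters that the sanitizer failed to detect. The Python below is an added example, not Symfony's UrlSanitizer code. It percent-decodes to a fixed point before checking (so %E2%80%AE and the double-encoded %25E2%2580%25AE both surface as U+202E), flags the U+202A..U+202E range named in the advisory and, as this example's own extension, the directional isolates U+2066..U+2069, and rejects the URL rather than stripping characters from it. `display_under_rlo` is a deliberately simplified model of what a reader sees after a right-to-left override, not an implementation of the Unicode Bidirectional Algorithm (UAX #9). All sample URLs are constructed.

```python
import re
from typing import Optional
from urllib.parse import unquote

# Explicit-direction BiDi formatting characters named in the advisory
# (U+202A LRE, U+202B RLE, U+202C PDF, U+202D LRO, U+202E RLO), plus the
# directional isolates U+2066..U+2069, added in this example because they
# reorder displayed text the same way.
_BIDI_CONTROL_RE = re.compile("[\u202a-\u202e\u2066-\u2069]")


def fully_percent_decode(url: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (bounded), so that
    %E2%80%AE and the double-encoded %25E2%2580%25AE both become U+202E.
    The decoded form is used only for the check; callers keep the original."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def find_bidi_controls(url: str) -> list[tuple[int, str]]:
    """List (offset, 'U+XXXX') for every BiDi control in the decoded URL.
    An empty list means the URL is clean."""
    decoded = fully_percent_decode(url)
    return [(m.start(), f"U+{ord(m.group()):04X}")
            for m in _BIDI_CONTROL_RE.finditer(decoded)]


def sanitize_url(url: str) -> Optional[str]:
    """Return the URL unchanged if it carries no BiDi controls, else None.
    Rejecting is preferred over stripping: a legitimate author never writes
    these characters into an href, and stripping could change which
    resource the surviving URL resolves to."""
    return None if find_bidi_controls(url) else url


def display_under_rlo(text: str) -> str:
    """Simplified model (not UAX #9) of what a reader sees when an otherwise
    left-to-right string contains one U+202E RLO and no closing U+202C PDF:
    everything after the override is displayed reversed."""
    head, sep, tail = text.partition("\u202e")
    return head + tail[::-1] if sep else text


if __name__ == "__main__":
    # Constructed sample: the href really points at example.com, but the
    # visible text after the override reads as a different host.
    spoofed = "https://example.com/\u202emoc.elpmaxe-live//:sptth"
    print(find_bidi_controls(spoofed))                           # [(20, 'U+202E')]
    print(display_under_rlo(spoofed))                            # https://example.com/https://evil-example.com
    print(sanitize_url(spoofed))                                 # None
    print(sanitize_url("https://example.com/%25E2%2580%25AEx"))  # None (double-encoded RLO)
    print(sanitize_url("https://example.com/a?b=c"))             # https://example.com/a?b=c
```

The decode loop is bounded on purpose: an unbounded "decode until stable" loop is a denial-of-service handle on its own, and three rounds already cover every encoding depth a browser will undo before display.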
Veracode
added 2026/02/13 3:37 p.m. · 2 views

Improper Encoding Or Escaping Of Output

HtmlSanitizer is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to improper sanitization of content inside the allowed tag, which allows an attacker to inject malicious scripts that can execute when the shadowrootmode attribute is set...

CVSS 6.3 · AI score 5.6 · EPSS 0.00017
Exploits 0 · References 7 · Affected software 1
RedhatCVE
added 2026/02/06 1:25 a.m. · 3 views

CVE-2026-25543

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...

CVSS 6.3 · AI score 5.2 · EPSS 0.00017
Exploits 0 · References 1
NVD
added 2026/02/04 10:16 p.m. · 2 views

CVE-2026-25543

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...

CVSS 6.3 · EPSS 0.00017
Exploits 0 · References 4
OSV
added 2026/02/04 9:45 p.m. · 2 views

CVE-2026-25543 HtmlSanitizer has a bypass via template tag

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...

CVSS 6.3 · AI score 5.3 · EPSS 0.00017
Exploits 0 · References 6
CVE
added 2026/02/04 9:45 p.m. · 6 views

CVE-2026-25543

HtmlSanitizer (a .NET library) is vulnerable where the template tag is allowed: its contents were not sanitized, enabling sanitization bypasses (e.g., via mutation or shadowrootmode). Red Hat/NVD/osv/GHSA entries confirm the vulnerability and patch follow-ups. The issue is pat...

CVSS 6.3 · AI score 5.3 · EPSS 0.00017
Exploits 0 · References 4 · Affected software 1
EUVD
added 2026/02/04 9:45 p.m. · 2 views

EUVD-2026-5328

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...

CVSS 6.3 · AI score 5.3 · EPSS 0.00017
Exploits 0 · References 4
Vulnrichment
added 2026/02/04 9:45 p.m. · 2 views

CVE-2026-25543 HtmlSanitizer has a bypass via template tag

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...

CVSS 6.3 · AI score 5.3 · EPSS 0.00017
Exploits 0 · References 4
CNNVD
added 2026/02/04 12:00 a.m. · 2 views

HTMLSanitizer security vulnerability

HTMLSanitizer is open-source HTML formatting software from JuliaHub. Versions of HTMLSanitizer prior to 9.0.892 and 9.1.893-beta contained security vulnerabilities. These vulnerabilities stemmed from allowing template tags without sanitizing their content, which could lead to cross-site scripting...

CVSS 6.3 · AI score 5.6 · EPSS 0.00017
Exploits 0 · References 4
Snyk
added 2026/02/03 7:22 p.m. · 1 view

Improper Encoding or Escaping of Output

Overview: HtmlSanitizer cleans HTML of constructs that can be used for cross-site scripting (XSS). Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the template tag handling. An attacker can inject and execute arbitrary scripts by crafting HTML...

CVSS 6.3 · AI score 5.6 · EPSS 0.00017
Exploits 0 · References 2
OSV
added 2026/02/03 7:22 p.m. · 0 views

GHSA-J92C-7V7G-GJ3F HtmlSanitizer has a bypass via template tag

Impact: If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

CVSS 6.3 · AI score 5.4 · EPSS 0.00017
Exploits 0 · References 8
Positive Technologies
added 2026/02/03 12:00 a.m. · 2 views

PT-2026-6321

Name of the Vulnerable Software and Affected Versions: HtmlSanitizer versions prior to 9.0.892; HtmlSanitizer versions prior to 9.1.893-beta. Description: HtmlSanitizer is a .NET library designed to prevent cross-site scripting (XSS) attacks by cleaning HTML fragments and documents. Before versions...

CVSS 6.3 · AI score 5 · EPSS 0.00017
Exploits 0 · References 19
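The CVE-2026-25543 entries above all describe the same mechanism: an allowed `<template>` element had its contents copied through unsanitized, and declarative shadow DOM (`shadowrootmode="open"` or `"closed"`) makes a browser render exactly those contents. The toy allow-list sanitizer below is an added Python example built on the standard library's `html.parser`; it is not the HtmlSanitizer library's code. A switch reproduces the bug class (verbatim copy of everything inside `<template>`) next to the correct behaviour (the same allow-list applied inside `<template>`, which also drops `shadowrootmode` because it is not allow-listed). The tag and attribute allow-lists, the URL-prefix rule and the payloads are constructed for the example; the mutation-based bypass the advisories mention is not modelled.

```python
from html import escape
from html.parser import HTMLParser

# Allow-lists for this toy sanitizer (assumptions made for the example).
ALLOWED_TAGS = {"p", "b", "i", "a", "img", "template"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
VOID_TAGS = {"img", "br"}
DROP_WITH_CONTENT = {"script", "style"}            # disallowed tags whose text goes too
SAFE_URL_PREFIXES = ("http://", "https://", "/")   # assumption: http(s) or relative only


def _attr_allowed(tag, name, value):
    """Attribute allow-list plus a URL-scheme check for href/src."""
    if name not in ALLOWED_ATTRS.get(tag, set()):
        return False
    if name in ("href", "src"):
        return (value or "").strip().lower().startswith(SAFE_URL_PREFIXES)
    return True


class ToySanitizer(HTMLParser):
    """Allow-list sanitizer. recurse_into_template=False reproduces the bug
    class: everything inside <template> is copied to the output verbatim."""

    def __init__(self, recurse_into_template):
        super().__init__(convert_charrefs=False)
        self.recurse = recurse_into_template
        self.out = []
        self.template_depth = 0   # >0 while inside <template>
        self.drop_depth = 0       # >0 while inside <script>/<style>

    def _passthrough(self):
        return self.template_depth > 0 and not self.recurse

    def handle_starttag(self, tag, attrs):
        if self.drop_depth:
            return
        if tag == "template":
            self.template_depth += 1
        if self._passthrough():
            self.out.append(self.get_starttag_text())   # vulnerable path: raw copy
            return
        if tag in DROP_WITH_CONTENT:
            self.drop_depth += 1
            return
        if tag not in ALLOWED_TAGS:
            return                                      # strip the tag, keep its text
        kept = "".join(f' {k}="{escape(v or "", quote=True)}"'
                       for k, v in attrs if _attr_allowed(tag, k, v))
        self.out.append(f"<{tag}{kept}>")

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT and self.drop_depth:
            self.drop_depth -= 1
            return
        if self.drop_depth:
            return
        passthrough = self._passthrough()
        if tag == "template" and self.template_depth:
            self.template_depth -= 1
        if passthrough or (tag in ALLOWED_TAGS and tag not in VOID_TAGS):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if self.drop_depth:
            return
        self.out.append(data if self._passthrough() else escape(data, quote=False))

    def handle_entityref(self, name):
        if not self.drop_depth:
            self.out.append(f"&{name};")          # re-emit entities verbatim

    def handle_charref(self, name):
        if not self.drop_depth:
            self.out.append(f"&#{name};")

    def handle_comment(self, data):
        if self._passthrough():
            self.out.append(f"<!--{data}-->")     # comments survive only on the raw path


def sanitize(html, recurse_into_template=True):
    parser = ToySanitizer(recurse_into_template)
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed payload: declarative shadow DOM forces the browser to
    # render the template's children, so the onerror handler fires.
    payload = ('<p>hi</p><template shadowrootmode="open">'
               '<img src="/x.png" onerror="alert(1)"></template>')
    print(sanitize(payload, recurse_into_template=False))   # payload echoed unchanged
    print(sanitize(payload))                                # <p>hi</p><template><img src="/x.png"></template>
```

The fix is not special handling for `shadowrootmode`; it is refusing to treat any element's subtree as opaque. A sanitizer that skips "inert" content is betting on every current and future rendering rule, and declarative shadow DOM is exactly the kind of rule that turns that bet into XSS.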
Snyk
added 2025/12/18 8:46 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.AspNet.Mvc5.Libraries is a set of assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. It does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...

CVSS 6.1 · AI score 5.4 · EPSS 0.00024
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-0498

Malware in sbrugna...

CVSS 6.1 · AI score 6.2 · EPSS 0.00344
Exploits 0 · References 7
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2022-1094

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.00739
Exploits 1 · References 8
CNNVD
added 2025/06/23 12:00 a.m. · 2 views

HTMLSanitizer cross-site scripting vulnerability

HTMLSanitizer is open-source HTML formatting software from JuliaHub. A cross-site scripting vulnerability exists in versions of HTMLSanitizer prior to 0.2.1; it stems from incorrect escaping of the contents of the style tag...

CVSS 6.9 · AI score 5.7 · EPSS 0.00554
Exploits 0 · References 2
Positive Technologies
added 2025/06/23 12:00 a.m. · 2 views

PT-2025-26646 · Unknown · Htmlsanitizer.Jl

Name of the Vulnerable Software and Affected Versions: HTMLSanitizer.jl versions prior to 0.2.1 Description: The issue is related to improper HTML sanitization in HTMLSanitizer.jl, a Whitelist-based HTML sanitizer. When the style tag is added to the whitelist, content inside the tag is incorrectl...

CVSS 6.9 · AI score 5.5 · EPSS 0.00554
Exploits 0 · References 12
RedhatCVE
added 2025/05/23 4:28 a.m. · 3 views

CVE-2023-44390

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...

CVSS 6.1 · AI score 5.9 · EPSS 0.00161
Exploits 0 · References 1