525 matches found
Cross-site Scripting (XSS)
lxmlhtmlclean is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of context-switching for special HTML tags such as , , and by the HTML parser in versions prior to 0.4.0, allowing malicious scripts to bypass the cleaning process...
CVE-2024-52595
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2024-52595 HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2024-52595
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
Impact The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxmlhtmlclean but may be interpreted differently by web...
PT-2024-39667 · Vue · Vue
Name of the Vulnerable Software and Affected Versions: Vue affected versions not specified Description: The issue is related to an improper regular expression in Vue's parseHTML function, which can lead to a potential regular expression denial of service vulnerability. This flaw, known as a ReDoS...
CVE-2024-45800 Multiple mXSS found in snappymail HTML parser
Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...
CVE-2024-45800 Multiple mXSS found in snappymail HTML parser
Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...
PT-2024-5303 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 127.0.6533.72 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in HTML, allowing a remote attacker to perform UI spoofing via a crafted HTML...
RHEL 5 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: Local user code injection in the meta rule syntax CVE-2018-11781 - A denial of service...
Heap-based Buffer Overflow
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the xmlHTMLPrintFileContext function in xmllint.c. An attacker can read memory contents that may contain sensitive data by triggering a buffer...
RHEL 6 : spamassassin (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - spamassassin: Malicious rule configuration files can be configured to run system commands CVE-2020-1946 -...
FreeBSD : clamav -- Possible crash in the HTML file parser that could cause a denial-of-service (DoS) condition (ecafc4af-fe8a-11ee-890c-08002784c58d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ecafc4af-fe8a-11ee-890c-08002784c58d advisory. - A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause...
CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
CVE-2024-20380 ClamAV HTML Parser Denial of Service Vulnerability
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
CVE-2024-20380
Summary: CVE-2024-20380 is a DoS in ClamAV’s HTML parser triggered by a crafted HTML file scanned by the unauthenticated attacker. The root cause is tied to the C-to-Rust FFI boundary in the HTML parser, leading to a crash of the clamd/scan process and a denial of service. Affected product/versio...
CVE-2024-20380 ClamAV HTML Parser Denial of Service Vulnerability
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...
CVE-2024-20380
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitti...