525 matches found

VulnCheck KEV
added 2021/01/26 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2021-1871

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing...

9.8 CVSS | 7.1 AI score | 0.0712 EPSS
Exploits: 0 | References: 1

OSV
added 2020/06/09 4:15 a.m. | 15 views

CVE-2020-13973

OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...

6.1 CVSS | 6.5 AI score
Exploits: 0 | References: 1

NVD
added 2020/06/09 4:15 a.m. | 10 views

CVE-2020-13973

OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...

6.1 CVSS | 6.1 AI score | 0.01119 EPSS
Exploits: 1 | References: 1

Prion
added 2020/06/09 4:15 a.m. | 17 views

Code injection

OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause...

4.3 CVSS | 6 AI score | 0.01119 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

0day.today
added 2020/04/28 12:0 a.m. | 66 views

jQuery <= 3.5 html() Cross Site Scripting Exploit

Exploit for jsp platform in category web applications jquery-xss-in-html jQuery 3.5 Cross-Site Scripting XSS in html Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting XSS vulnerability found in the jQuery’s HTML parser. The Snyk open source security...

7.1 AI score
Exploits: 0

Packet Storm
added 2020/04/25 12:0 a.m. | 108 views

jQuery html() Cross Site Scripting

jquery-xss-in-html jQuery 3.5 Cross-Site Scripting XSS in html Timmy Willison recently released a new version of jQuery. jQuery 3.5 fixes a cross-site scripting XSS vulnerability found in the jQuery’s HTML parser. The Snyk open source security platform estimates that 84% of all websites may be...

Exploits: 0

BDU FSTEC
added 2020/04/23 12:0 a.m. | 4 views

The vulnerability of the HTMLParser module from django.utils.html.strip_tags in the Django web development framework allows an attacker to cause a denial-of-service attack.

The vulnerability of the HTMLParser module in django.utils.html.striptags of the Django web development framework is related to a slow evaluation of large input data, which contain large sequences of incomplete HTML objects. Exploiting this vulnerability may allow an attacker to cause service...

7.8 CVSS | 6.8 AI score | 0.03172 EPSS
Exploits: 0 | References: 9 | Affected Software: 7

OpenVAS
added 2020/04/16 12:0 a.m. | 26 views

Huawei EulerOS: Security Advisory for lynx (EulerOS-SA-2020-1410)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3 CVSS | 5.6 AI score | 0.01705 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2020/04/15 12:0 a.m. | 27 views

EulerOS 2.0 SP3 : lynx (EulerOS-SA-2020-1410)

According to the version of the lynx package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx ha...

5.3 CVSS | 6.2 AI score | 0.01705 EPSS
Exploits: 0 | References: 2

Veracode
added 2020/04/10 12:39 a.m. | 21 views

Use-after-free

kdelibs is vulnerable to use-after-free. A flaw was found in the way the KDE HTML parser handled content for the HTML "head" element. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service Konqueror crash or,...

9.3 CVSS | 5 AI score | 0.06618 EPSS
Exploits: 2 | References: 30 | Affected Software: 1

Tenable Nessus
added 2020/01/27 12:0 a.m. | 32 views

Debian DLA-2075-1 : jsoup security update

An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing '' at EOF a cross-site scripting XSS vulnerability could appear. For Debian 8 'Jessie', this problem has been fixed in version 1.8.1-1+deb8u1. We recommend that you upgrad...

6.1 CVSS | 6.7 AI score | 0.02207 EPSS
Exploits: 0 | References: 3

OpenVAS
added 2020/01/27 12:0 a.m. | 52 views

Debian: Security Advisory (DLA-2075-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS | 6.6 AI score | 0.02207 EPSS
Exploits: 0 | References: 3

Veracode
added 2019/12/02 4:42 p.m. | 14 views

Denial Of Service (DoS) Through Infinite Loop

html-parser-lite is vulnerable to denial of service attacks. The parser enters an infinite loop when the markup is erroneous, allowing malicious users to cause a system crash...

4.6 AI score
Exploits: 0

PyPA
added 2019/08/02 3:15 p.m. | 5 views

PYSEC-2019-12

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

7.5 CVSS | 6.9 AI score | 0.03172 EPSS
Exploits: 0 | References: 11 | Affected Software: 1

0day.today
added 2019/07/25 12:0 a.m. | 65 views

WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads Exploit

BACKGROUND As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous cross-origin page loads. In certain conditions, this might lead to...

6.1 CVSS | 7.6 AI score | 0.04558 EPSS
Exploits: 1

Exploit DB
added 2019/07/25 12:0 a.m. | 296 views

WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads

BACKGROUND As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous cross-origin page loads. In certain conditions, this might lead to...

7.4 AI score
Exploits: 0

OSV
added 2019/06/27 5:15 p.m. | 2 views

CVE-2018-6145

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.1 CVSS | 5.8 AI score | 0.00593 EPSS
Exploits: 0 | References: 2

NVD
added 2019/06/27 5:15 p.m. | 18 views

CVE-2018-6145

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.1 CVSS | 5.7 AI score | 0.00593 EPSS
Exploits: 0 | References: 2

Prion
added 2019/06/27 5:15 p.m. | 26 views

Input validation

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

4.3 CVSS | 6.4 AI score | 0.00593 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

UbuntuCve
added 2019/06/27 5:15 p.m. | 34 views

CVE-2018-6145

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.1 CVSS | 6.9 AI score | 0.00593 EPSS
Exploits: 0 | References: 2