
534 matches found

Tenable Nessus
added 2020/01/27 12:0 a.m. | 33 views

Debian DLA-2075-1 : jsoup security update

An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing '>' at EOF a cross-site scripting (XSS) vulnerability could appear. For Debian 8 'Jessie', this problem has been fixed in version 1.8.1-1+deb8u1. We recommend that you upgrad...

6.1 CVSS | 6.7 AI score | 0.02207 EPSS
Exploits: 0 | References: 3
Veracode
added 2019/12/02 4:42 p.m. | 15 views

Denial Of Service (DoS) Through Infinite Loop

html-parser-lite is vulnerable to denial of service attacks. The parser enters an infinite loop when the markup is erroneous, allowing malicious users to cause a system crash...

4.6 AI score
Exploits: 0
PyPA
added 2019/08/02 3:15 p.m. | 6 views

PYSEC-2019-12

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

7.5 CVSS | 6.9 AI score | 0.03172 EPSS
Exploits: 0 | References: 11 | Affected Software: 1
0day.today
added 2019/07/25 12:0 a.m. | 67 views

WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads Exploit

BACKGROUND As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous cross-origin page loads. In certain conditions, this might lead to...

6.1 CVSS | 7.6 AI score | 0.04558 EPSS
Exploits: 1
Exploit DB
added 2019/07/25 12:0 a.m. | 300 views

WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads

BACKGROUND As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous cross-origin page loads. In certain conditions, this might lead to...

7.4 AI score
Exploits: 0
NVD
added 2019/06/27 5:15 p.m. | 19 views

CVE-2018-6145

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.1 CVSS | 5.7 AI score | 0.00593 EPSS
Exploits: 0 | References: 2
OSV
added 2019/06/27 5:15 p.m. | 3 views

CVE-2018-6145

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.1 CVSS | 5.8 AI score | 0.00593 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2019/06/27 5:15 p.m. | 34 views

CVE-2018-6145

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.1 CVSS | 6.9 AI score | 0.00593 EPSS
Exploits: 0 | References: 2
Prion
added 2019/06/27 5:15 p.m. | 27 views

Input validation

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

4.3 CVSS | 6.4 AI score | 0.00593 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2019/06/27 5:15 p.m. | 2 views

UBUNTU-CVE-2018-6145

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

6.1 CVSS | 7.3 AI score | 0.00593 EPSS
Exploits: 0 | References: 3
Debian CVE
added 2019/06/27 4:13 p.m. | 24 views

CVE-2018-6145

Removed by vendor...

6.1 CVSS | 8 AI score | 0.00593 EPSS
Exploits: 0
Cvelist
added 2019/06/27 4:13 p.m. | 25 views

CVE-2018-6145

Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...

5.6 AI score | 0.00593 EPSS
Exploits: 0 | References: 2
CVE
added 2019/06/27 4:13 p.m. | 153 views

CVE-2018-6145

Technical details about CVE-2018-6145 are not publicly available in the provided documents; monitor for updates.

6.1 CVSS | 5.5 AI score | 0.00593 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2019/06/11 9:29 p.m. | 2 views

CVE-2019-12153

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...

10 CVSS | 7.3 AI score | 0.01687 EPSS
Exploits: 0 | References: 3
NVD
added 2019/06/11 9:29 p.m. | 14 views

CVE-2019-12153

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...

10 CVSS | 9.4 AI score | 0.01687 EPSS
Exploits: 0 | References: 3
Prion
added 2019/06/11 9:29 p.m. | 10 views

Input validation

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...

6.4 CVSS | 9.2 AI score | 0.01687 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2019/06/11 8:33 p.m. | 19 views

CVE-2019-12153

Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...

9.4 AI score | 0.01687 EPSS
Exploits: 0 | References: 3
CVE
added 2019/06/11 8:33 p.m. | 92 views

CVE-2019-12153

RealObjects PDFreactor (before 10.1.10722) contains a flaw in its HTML parser that fails validation, enabling server-side request forgery (SSRF) by supplying malicious HTML content. The issue can allow an attacker to access network or file resources from the server. Public references indicate the...

10 CVSS | 9.2 AI score | 0.01687 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
FreeBSD
added 2018/12/11 12:0 a.m. | 23 views

typo3 -- multiple vulnerabilities

Typo3 core team reports: CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: (i) switch CKEditor to source mode, then (ii) paste a...

5.3 AI score
Exploits: 0 | References: 1
BDU FSTEC
added 2018/10/30 12:0 a.m. | 4 views

The vulnerability of the LIBXML_ATTR_FORMAT function in the libxml2 library allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the LIBXML_ATTR_FORMAT function in the libxml2 library HTML parser.c is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

10 CVSS | 7.5 AI score | 0.07039 EPSS
Exploits: 0 | References: 4 | Affected Software: 1