534 matches found
Debian DLA-2075-1 : jsoup security update
An issue has been found in jsoup, a Java HTML parser that makes sense of real-world HTML soup. Due to bad handling of missing '' at EOF a cross-site scripting XSS vulnerability could appear. For Debian 8 'Jessie', this problem has been fixed in version 1.8.1-1+deb8u1. We recommend that you upgrad...
Denial Of Service (DoS) Through Infinite Loop
html-parser-lite is vulnerable to denial of service attacks. The parser enters an infinite loop when the markup is erroneous, allowing malicious users to cause a system crash...
PYSEC-2019-12
An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads Exploit
BACKGROUND As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous cross-origin page loads. In certain conditions, this might lead to...
WebKit - Universal Cross-Site Scripting due to Synchronous Page Loads
BACKGROUND As lokihardt@ has demonstrated in https://bugs.chromium.org/p/project-zero/issues/detail?id=1121, WebKit's support of the obsolete showModalDialog method gives an attacker the ability to perform synchronous cross-origin page loads. In certain conditions, this might lead to...
CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
Input validation
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
UBUNTU-CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2018-6145
Removed by vendor...
CVE-2018-6145
Insufficient data validation in HTML parser in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to bypass same origin policy via a crafted HTML page...
CVE-2018-6145
Technical details about CVE-2018-6145 are not publicly available in the provided documents; monitor for updates.
CVE-2019-12153
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...
CVE-2019-12153
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...
Input validation
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...
CVE-2019-12153
Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content...
CVE-2019-12153
RealObjects PDFreactor (before 10.1.10722) contains a flaw in its HTML parser that fails validation, enabling server-side request forgery (SSRF) by supplying malicious HTML content. The issue can allow an attacker to access network or file resources from the server. Public references indicate the...
typo3 -- multiple vulnerabilities
Typo3 core team reports: CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a...
The vulnerability of the LIBXML_ATTR_FORMAT function in the libxml2 library allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the LIBXMLATTRFORMAT function in the libxml2 library HTML parser.c is related to the use of an uncontrolled format string. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...