CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/06/08 12:0 a.m.•10 views

HTMLSanitizer 跨站脚本漏洞

HTMLSanitizer is an HTML formatting software open source by JuliaHub. Versions of HTMLSanitizer prior to 2.3.2 had a cross-site scripting vulnerability. This vulnerability occurred when ALLOWINSECURERAWTEXT was enabled, resulting in blank variant closing tags being ignored, which could lead to...

2.1CVSS4.9AI score0.00282EPSS

Exploits0References1

Tenable Nessus•added 2026/06/05 12:0 a.m.•7 views

Symfony and Symfony HTML Sanitizer Component 6.1.x < 6.4.40 / 7.0.x < 7.4.12 / 8.0.x 8.0.12 Multiple Vulnerabilities

The version of Symfony and/or the Symfony HTML Sanitizer Component installed on the remote host is prior to 6.1.x prior to 6.4.40, 7.0.x prior to 7.4.12, 8.0.x prior to 8.0.12. and, therefore, affected by multiple vulnerabilities: - A visual spoofing vulnerability exists in Symfony Component...

5.6AI score0.00069EPSS

Github Security Blog•added 2026/05/27 8:4 p.m.•10 views

Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse used by UrlSanitizer::sanitize and therefore by every HtmlSanitizer config that allows links or media accepts URLs that contain Unicode explicit-direction BiDi formatting characters: U+202A–U+202E LRE / RLE / PDF / LRO ...

5.9AI score0.00069EPSS

Exploits0References6Affected Software2

OSV•added 2026/05/27 8:4 p.m.•5 views

GHSA-H5VQ-QFCG-4M6P Symfony's HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

6.9CVSS5.9AI score0.00069EPSS

Snyk•added 2026/05/27 9:41 a.m.•9 views

Improper Encoding or Escaping of Output

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the HtmlSanitizer component that fails to properly detect and strip percent-encoded BiDi...

5.3CVSS5.8AI score0.00025EPSS

Exploits0References2

Veracode•added 2026/02/13 3:37 p.m.•7 views

Improper Encoding Or Escaping Of Output

HtmlSanitizer is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to improper sanitization of content inside the allowed tag, which allows an attacker to inject malicious scripts that can execute when the shadowrootmode attribute is set...

6.3CVSS5.6AI score0.00241EPSS

Exploits0References7Affected Software1

RedhatCVE•added 2026/02/06 1:25 a.m.•5 views

CVE-2026-25543

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...

6.3CVSS5.2AI score0.00241EPSS

Exploits0References1

NVD•added 2026/02/04 10:16 p.m.•4 views

CVE-2026-25543

6.3CVSS0.00241EPSS

Vulnrichment•added 2026/02/04 9:45 p.m.•3 views

CVE-2026-25543 HtmlSanitizer has a bypass via template tag

EUVD•added 2026/02/04 9:45 p.m.•4 views

EUVD-2026-5328

CVE•added 2026/02/04 9:45 p.m.•15 views

CVE-2026-25543

HtmlSanitizer (a .NET library) is vulnerable where the template tag is allowed: its contents were not sanitized, enabling potential bypasses (e.g., via mutation or shadowrootmode) to bypass sanitization. Red Hat/NVD/osv/GHSA entries confirm the vulnerability and patch follow-ups. The issue is pat...

Exploits0References4Affected Software1

OSV•added 2026/02/04 9:45 p.m.•5 views

CVE-2026-25543 HtmlSanitizer has a bypass via template tag

CNNVD•added 2026/02/04 12:0 a.m.•5 views

HTMLSanitizer 安全漏洞

HTMLSanitizer is an HTML formatting software open source by JuliaHub. Versions of HTMLSanitizer prior to 9.0.892 and 9.1.893-beta contained security vulnerabilities. These vulnerabilities stemmed from allowing template tags without cleaning their content, which could lead to cross-site scripting...

6.3CVSS5.6AI score0.00241EPSS