mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...

phlex 安全漏洞

phlex is a framework for building object-oriented views in Ruby. A security vulnerability exists in Phlex versions prior to 1.10.2, which stems from maliciously generated HTML attribute names and values in Phlex that could lead to cross-site scripting...

DEBIAN-CVE-2024-22195

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting XSS. The Jinja xmlattr filter can be abused t...

OESA-2023-1294 golang security update

The Go Programming Language. Security Fixes: Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into...

SUSE CVE-2005-3167

Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs HTML inline style attributes that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting XSS attacks...

PT-2021-3745 · Owasp +1 · Owasp Antisamy +1

Name of the Vulnerable Software and Affected Versions: OWASP AntiSamy versions prior to 1.6.4 Description: The issue allows for cross-site scripting XSS attacks via HTML attributes when using the HTML output serializer. This was demonstrated by a javascript: URL, where the colon character was...