155 matches found
Astra Linux - vulnerability in jsoup
jsoup is a Java HTML parser designed for HTML editing, cleaning, scraping, and XSS (Cross-Site Scripting) protection. However, jsoup may incorrectly sanitize HTML containing javascript: URLs, which could allow XSS attacks when a user clicks on those links. If the non-default...
Astra Linux - vulnerability in jsoup
jsoup is a Java library for working with HTML. Users of jsoup versions prior to 1.14.2 who parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user-supplied input, an attacker may provide content that causes the parser to become stuck, looping indefinitely until...
CVE-2025-15022
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...
EUVD-2026-0820
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...
Cross-site scripting in Action caption
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. See CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting). Description: In Vaadin Framework 7 and 8...
EUVD-2021-1791
Malware in sbrugna...
EUVD-2022-2341
Malicious code in bioql PyPI...
jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled
...
Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
...
TencentOS Server 4: jsoup (TSSA-2025:0070)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0070 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
PT-2025-25510 · Git +1 · Jsoup
Name of the Vulnerable Software and Affected Versions: jsoup (affected versions not specified). Description: The software is susceptible to a security exception during HTML processing. The crash occurs within the org.jsoup.parser.HtmlTreeBuilder class, specifically during the process and...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck, looping indefinitely until...
K000150762: jsoup vulnerabilities CVE-2015-6748, CVE-2021-37714, and CVE-2022-36033
Security Advisory Description. CVE-2015-6748: Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. CVE-2021-37714: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run ...
Medium: jsoup
Issue Overview: jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user-supplied input, an attacker may supply content that causes the parser to get stuck, looping...
Amazon Linux 2 : jsoup (ALAS-2025-2813)
The version of jsoup installed on the remote host is prior to 1.16.1-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2813 advisory. jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be...
Linux Distros Unpatched Vulnerability : CVE-2021-37714
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If th...