158 matches found
GHSA-GP7F-RWCX-9369 jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled
jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow cross-site scripting XSS attacks when a reader subsequently clicks that link. If the non-default SafeList.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted wi...
Cross-site Scripting (XSS)
jsoup is vulnerable to cross-site scripting. The vulnerability exists in resolve function in StringUtil.java because the jsoup cleaner is not properly sanitized when SafeList.preserveRelativeLinks is enabled which allows an attacker to inject and execute arbitrary javascript...
AZL-10740 CVE-2022-36033 affecting package jsoup 1.11.3-3
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
AZL-36946 CVE-2022-36033 affecting package jsoup 1.11.3-4
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
DEBIAN-CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
UBUNTU-CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
Cross site scripting
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
CVE-2022-36033 jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
jsoup 跨站脚本漏洞
Github jsoup is a Java library for working with real-world HTML. A security vulnerability exists in versions of jsoup prior to 1.15.3, which stems from the possibility that uncleaned input may be retained...
CVE-2022-36033 jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
CVE-2022-36033
CVE-2022-36033 affects jsoup, a Java HTML parser. The issue arises when SafeList.preserveRelativeLinks is enabled, allowing crafted javascript: URLs to bypass sanitization and potentially enable XSS if the page lacks a Content Security Policy. The vulnerability is mitigated by updating to jsoup 1...
CVE-2022-36033 jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
CVE-2022-36033
jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...
The vulnerability of the SafeList.preserveRelativeLinks parameter in the Java library for analyzing, extracting, and managing data in HTML documents (jsoup) allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability of the SafeList.preserveRelativeLinks parameter in the Java library for analyzing, extracting, and managing data in HTML documents using jsoup is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow attackers to...
PT-2022-4449 · Jsoup +3 · Jsoup +3
Name of the Vulnerable Software and Affected Versions: jsoup versions prior to 1.15.3 Description: The issue is related to the incorrect sanitization of HTML including javascript: URL expressions, which could allow cross-site scripting XSS attacks when a reader subsequently clicks that link. If t...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...
Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.7 security update
Red Hat Integration Camel Extensions for Quarkus 2.7 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, whic...
jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...