Lucene search
K

158 matches found

OSV
OSV
added 2022/09/01 10:14 p.m.4 views

GHSA-GP7F-RWCX-9369 jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled

jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow cross-site scripting XSS attacks when a reader subsequently clicks that link. If the non-default SafeList.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted wi...

6.1CVSS6.5AI score0.01208EPSS
Exploits1References6
Veracode
Veracode
added 2022/08/30 7:7 a.m.65 views

Cross-site Scripting (XSS)

jsoup is vulnerable to cross-site scripting. The vulnerability exists in resolve function in StringUtil.java because the jsoup cleaner is not properly sanitized when SafeList.preserveRelativeLinks is enabled which allows an attacker to inject and execute arbitrary javascript...

6.1CVSS6.8AI score0.01208EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/08/29 5:15 p.m.3 views

AZL-10740 CVE-2022-36033 affecting package jsoup 1.11.3-3

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.5AI score0.01208EPSS
Exploits1References1
NVD
NVD
added 2022/08/29 5:15 p.m.30 views

CVE-2022-36033

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS0.01208EPSS
Exploits1References4
OSV
OSV
added 2022/08/29 5:15 p.m.6 views

AZL-36946 CVE-2022-36033 affecting package jsoup 1.11.3-4

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.4AI score0.01208EPSS
Exploits1References1
OSV
OSV
added 2022/08/29 5:15 p.m.2 views

DEBIAN-CVE-2022-36033

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.1AI score0.01208EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2022/08/29 5:15 p.m.33 views

CVE-2022-36033

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.6AI score0.01208EPSS
Exploits1References4
OSV
OSV
added 2022/08/29 5:15 p.m.5 views

UBUNTU-CVE-2022-36033

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.5AI score0.01208EPSS
Exploits1References5
Prion
Prion
added 2022/08/29 5:15 p.m.47 views

Cross site scripting

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

5.8CVSS7.1AI score0.01208EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/08/29 12:0 a.m.21 views

CVE-2022-36033 jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.3AI score0.01208EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/08/29 12:0 a.m.2 views

jsoup 跨站脚本漏洞

Github jsoup is a Java library for working with real-world HTML. A security vulnerability exists in versions of jsoup prior to 1.15.3, which stems from the possibility that uncleaned input may be retained...

6.1CVSS6.8AI score0.01208EPSS
Exploits1References11
Vulnrichment
Vulnrichment
added 2022/08/29 12:0 a.m.4 views

CVE-2022-36033 jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.2AI score0.01208EPSS
Exploits1References4
CVE
CVE
added 2022/08/29 12:0 a.m.511 views

CVE-2022-36033

CVE-2022-36033 affects jsoup, a Java HTML parser. The issue arises when SafeList.preserveRelativeLinks is enabled, allowing crafted javascript: URLs to bypass sanitization and potentially enable XSS if the page lacks a Content Security Policy. The vulnerability is mitigated by updating to jsoup 1...

6.1CVSS6.2AI score0.01208EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/08/29 12:0 a.m.43 views

CVE-2022-36033 jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS6.3AI score0.01208EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2022/08/29 12:0 a.m.39 views

CVE-2022-36033

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

6.1CVSS7.1AI score0.01208EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2022/08/26 12:0 a.m.6 views

The vulnerability of the SafeList.preserveRelativeLinks parameter in the Java library for analyzing, extracting, and managing data in HTML documents (jsoup) allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability of the SafeList.preserveRelativeLinks parameter in the Java library for analyzing, extracting, and managing data in HTML documents using jsoup is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability can allow attackers to...

9.4CVSS5.2AI score0.01208EPSS
Exploits1References2Affected Software4
Positive Technologies
Positive Technologies
added 2022/08/24 12:0 a.m.3 views

PT-2022-4449 · Jsoup +3 · Jsoup +3

Name of the Vulnerable Software and Affected Versions: jsoup versions prior to 1.15.3 Description: The issue is related to the incorrect sanitization of HTML including javascript: URL expressions, which could allow cross-site scripting XSS attacks when a reader subsequently clicks that link. If t...

9.4CVSS7.9AI score0.01208EPSS
Exploits1References27
RedHat Linux
RedHat Linux
added 2022/08/04 4:46 a.m.6 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS6.7AI score0.06873EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/07/19 1:40 p.m.92 views

Moderate: Red Hat Security Advisory: Red Hat Integration Camel Extensions for Quarkus 2.7 security update

Red Hat Integration Camel Extensions for Quarkus 2.7 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, whic...

9.8CVSS6.8AI score0.07934EPSS
Exploits2References12
RedHat Linux
RedHat Linux
added 2022/07/19 1:40 p.m.4 views

jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck

jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck loop indefinitely until...

7.5CVSS6.7AI score0.06873EPSS
Exploits0References5
Rows per page
Query Builder