Lucene search
+L

85 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:16 a.m.4 views

CVE-2024-53847

The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting XSS + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's...

5.1CVSS5.5AI score0.00444EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:43 a.m.12 views

CVE-2023-43643

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

6.1CVSS5.8AI score0.00473EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/03/10 2:46 p.m.16 views

Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.5 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

6.1CVSS6.8AI score0.00583EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2023-43643

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a...

6.1CVSS6.6AI score0.00473EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 3:2 p.m.14 views

CVE-2020-27176

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of...

9.6CVSS6.2AI score0.04881EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/10/23 12:0 a.m.31 views

AlmaLinux 8 : grafana (ALSA-2024:8327)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:8327 advisory. golang-fips: Golang FIPS zeroed buffer CVE-2024-9355 dompurify: nesting-based mutation XSS vulnerability CVE-2024-47875 Tenable has extracted the precedin...

10CVSS7.8AI score0.01093EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2024/02/02 5:15 p.m.22 views

CVE-2024-23635

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

6.1CVSS6.7AI score0.00368EPSS
Exploits0References2
OSV
OSV
added 2024/02/02 5:15 p.m.3 views

UBUNTU-CVE-2024-23635

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

6.1CVSS6.1AI score0.00368EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2024/02/02 4:32 p.m.50 views

CVE-2024-23635

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

6.1CVSS6.6AI score0.00368EPSS
Exploits0
OSV
OSV
added 2024/02/02 4:32 p.m.28 views

CVE-2024-23635 AntiSamy malicious input can provoke XSS when preserving comments

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

6.1CVSS5.8AI score0.00368EPSS
Exploits0References3
NVD
NVD
added 2023/10/09 2:15 p.m.28 views

CVE-2023-43643

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

6.1CVSS6.2AI score0.00473EPSS
Exploits1References2
OSV
OSV
added 2023/10/09 2:15 p.m.4 views

UBUNTU-CVE-2023-43643

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

6.1CVSS6.6AI score0.00473EPSS
Exploits1References5
CVE
CVE
added 2023/10/09 1:31 p.m.112 views

CVE-2023-43643

CVE-2023-43643 concerns AntiSamy, a library for cleansing HTML. The connected documents confirm a mutation XSS (mXSS) vulnerability in Ant iSamy prior to 1.7.4 when preserveComments is enabled and certain tags are allowed, allowing crafted inputs to make comment-tag elements executable in sanitiz...

6.1CVSS6.2AI score0.00473EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/10/09 12:42 a.m.4 views

GHSA-PCF2-GH6G-H5R2 mXSS in AntiSamy

Impact There is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result,...

6.1CVSS5.7AI score0.00473EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/10/09 12:0 a.m.5 views

PT-2023-8390 · Antisamy +1 · Antisamy +1

Name of the Vulnerable Software and Affected Versions: AntiSamy versions prior to 1.7.4 Description: The issue is related to a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability, the preserveComments directive must...

6.4CVSS5.9AI score0.00473EPSS
Exploits1References19
OSV
OSV
added 2023/02/16 10:15 p.m.30 views

CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS5.9AI score0.00483EPSS
Exploits1References2
OSV
OSV
added 2023/02/16 10:15 p.m.5 views

DEBIAN-CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS7.2AI score0.00483EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2023/02/16 10:15 p.m.27 views

CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS6.9AI score0.00483EPSS
Exploits1References6
Prion
Prion
added 2023/02/16 10:15 p.m.23 views

Design/Logic Flaw

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

5.8CVSS6AI score0.00483EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/02/16 12:0 a.m.44 views

CVE-2021-23980

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.2AI score0.00483EPSS
Exploits1References2
Rows per page
Query Builder