36 matches found
GHSA-8266-84WP-WV5C Svelte has a potential mXSS vulnerability due to improper HTML escaping
Summary: A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details: Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: if the string is an attribute value, " becomes &quot;, & becomes &amp;, and other characters are not converted...
Svelte has a potential mXSS vulnerability due to improper HTML escaping
Summary: A potential XSS vulnerability exists in Svelte for versions prior to 4.2.19. Details: Svelte improperly escapes HTML on server-side rendering. It converts strings according to the following rules: if the string is an attribute value, " becomes &quot;, & becomes &amp;, and other characters are not converted...
CVE-2023-51652
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
Cross site scripting
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
GHSA-PCF2-GH6G-H5R2 mXSS in AntiSamy
Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability, the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result,...
PT-2023-8390 · Antisamy +1 · Antisamy +1
Name of the Vulnerable Software and Affected Versions: AntiSamy versions prior to 1.7.4. Description: The issue is related to a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability, the preserveComments directive must...
SUSE CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
SUSE CVE-2021-23974
The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...
PYSEC-2021-865
In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with strip_comments=False...
DEBIAN-CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
Design/Logic Flaw
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
PYSEC-2020-27
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
UBUNTU-CVE-2020-6802
In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option...
GHSA-Q65M-PV3F-WR5R XSS in Bleach when noscript and raw tag whitelisted
Impact: A mutation XSS affects users calling bleach.clean with noscript and a raw tag (see below) in the allowed/whitelisted tags option. Patches: v3.1.1. Workarounds: modify bleach.clean calls to not whitelist noscript and one or more of the following raw tags: title, textarea, script, style, noembed...
PT-2020-6808 · Mozilla +1 · Bleach +1
Name of the Vulnerable Software and Affected Versions: Mozilla Bleach versions prior to 3.11. Description: The issue exists due to inadequate protection of web page structure. Exploitation can allow a remote attacker to conduct a cross-site scripting (XSS) attack. A mutation XSS affects users callin...
Information Exposure
OWASP Java HTML Sanitizer is vulnerable to Information Exposure. The vulnerability is due to improper handling of crafted FORM elements within a NOSCRIPT tag when JavaScript is disabled, which allows an attacker to obtain sensitive information through user-assisted interaction...