22 matches found
Cross-site Scripting (XSS)
Overview: rhukster/dom-sanitizer is a simple but effective DOM/SVG/MathML Sanitizer for PHP 7.4+. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the sanitize process. An attacker can cause the browser to send HTTP requests to attacker-controlled hosts, exfiltrat...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.178 contained a security vulnerability that stemmed from the reuse of CSS elements after they were released. This vulnerability could allow arbitrary code to be executed within a sandbox through...
GHSA-QVC2-MG72-JJHX JustHTML Affected by Mutation XSS via Literal Text Serialization in Raw Text Elements (style/script)
Summary: Sanitized DOM trees can be unsafe to serialize when a custom policy allows raw-text elements such as <style> or <script>. The issue affects DOM trees that are constructed or modified programmatically and then passed through sanitizedom with a policy that keeps these elements. Text nodes inside <style> and <script> are...
Cross-site Scripting (XSS)
Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the serialization process of raw-text elements such as script and style when a custom sanitization policy retains these elements. An attacker can...
Improper Encoding or Escaping of Output
Overview: lxml-html-clean is an HTML cleaner from the lxml project. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the _has_sneaky_javascript function. An attacker can cause external CSS to be loaded or execute scripts in certain browsers by injecting special...
Linux Distros Unpatched Vulnerability : CVE-2019-17672
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements. CVE-2019-17672 Note that Nessus relies on the presence of...
PT-2024-20582 · Ckeditor4 +3 · Ckeditor4 +3
Name of the Vulnerable Software and Affected Versions: CKEditor4 versions prior to 4.24.0-lts Description: A cross-site scripting vulnerability has been discovered in the core HTML parsing module of CKEditor4. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
DEBIAN-CVE-2023-36823
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...
UBUNTU-CVE-2023-36823
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...
PT-2023-8924 · Sanitize +2 · Sanitize +2
Name of the Vulnerable Software and Affected Versions: Sanitize versions 3.0.0 through 6.0.2 Description: The issue is related to the Sanitize HTML and CSS sanitizer, which can be exploited by an attacker using carefully crafted input to sneak arbitrary HTML and CSS through the sanitizer. This...
GO-2022-0588 Cross-site scripting via leaked style elements in github.com/microcosm-cc/bluemonday
The bluemonday HTML sanitizer can leak the contents of a "style" element into HTML output, potentially causing XSS vulnerabilities. The default bluemonday sanitization policies are not vulnerable. Only user-defined policies allowing "select", "style", and "option" elements are affected. Permittin...
Cross-Site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser by storing the malicious code in STYLE elements...
DEBIAN-CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
Cross site scripting
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
UBUNTU-CVE-2019-17672
WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements...
PT-2019-5218 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.4 Description: The issue is related to a stored XSS attack that allows an attacker to inject JavaScript into STYLE elements. This can potentially impact the integrity of the data. The exploitation of this issue...
CVE-2018-5101
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox 58...
UBUNTU-CVE-2018-5101
A use-after-free vulnerability can occur when manipulating floating "first-letter" style elements, resulting in a potentially exploitable crash. This vulnerability affects Firefox 58...