11 matches found
EUVD-2024-0166
Malicious code in bioql PyPI...
CVE-2024-23341
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is an HTML...
HTML Injection
tuitse-tsusin is vulnerable to HTML injection. The vulnerability is due to the tuitse_html function within html.py lacking proper escape or sanitization functionality for user-supplied data when incorporated into HTML output. This could allow an attacker to inject malicious HTML or JavaScript code in...
PYSEC-2024-22
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is an HTML...
Input validation
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is an HTML...
CVE-2024-23341 TuiTse-TsuSin html injection vulnerability in `tuitse_html` function
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is an HTML...
CVE-2024-23341
CVE-2024-23341 affects the TuiTse-TsuSin package. Before version 1.3.2, using tuitse_html without quoting the input enables an HTML injection vulnerability. A patch was released in version 1.3.2. Workarounds include sanitizing Taigi input with HTML quotation. Mitigations/impact are described in mu...
CVE-2024-23341 TuiTse-TsuSin html injection vulnerability in `tuitse_html` function
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is an HTML...
CVE-2024-23341 TuiTse-TsuSin html injection vulnerability in `tuitse_html` function
TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using tuitse_html without quoting the input, there is an HTML...
TuiTse-TsuSin Cross-Site Scripting Vulnerability
ithuan TuiTse-TsuSin is a library from the Chinese company ithuan. A cross-site scripting vulnerability exists in TuiTse-TsuSin versions prior to 1.3.2, which stems from an HTML injection vulnerability when using tuitse_html without quoting input...
PT-2024-19821 · Unknown · Tuitse-Tsusin
Name of the Vulnerable Software and Affected Versions: TuiTse-TsuSin versions prior to 1.3.2. Description: The issue is related to an HTML injection vulnerability when using tuitse_html without quoting the input. This vulnerability can be exploited when the tuitse_html function is used without prop...