2 matches found
GHSA-JVF5-RXVV-3MCG TYPO3 HTML Sanitizer allows Cross-site Scripting
When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...
WordPress 插件跨站脚本漏洞
WordPress Plugin is a WordPress open source application plugin . A cross-site scripting vulnerability exists in WordPress Elementor Addons-PowerPack Addons for Elementor plugin versions prior to 2.3.2. An attacker can exploit this vulnerability to launch a cross-site scripting attack...