9 matches found
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2020-35473
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing RPA by...
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078 html-sanitizer allows arbitrary HTML present after sanitization because of unicode normalization
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2024-34078
html-sanitizer is an allowlist-based HTML cleaner. If using keeptypographicwhitespace=False which is the default, the sanitizer normalizes unicode to the NFKC form at the end. Some unicode characters normalize to chevrons; this allows specially crafted HTML to escape sanitization. The problem has...
CVE-2023-23627
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows noscript elements, attackers are able to include arbitrary HTML, resulting in XSS cross-site...