14 matches found
CVE-2026-58472 GNU Wget 1.25.0 Heap Buffer Overflow via HTML Attribute Encoding
GNU Wget through 1.25.0, fixed in commit dd692d9, contains a heap buffer overflow vulnerability in the htmlquotestring function in src/convert.c that allows a remote attacker to trigger memory corruption by supplying a crafted HTML attribute with a large number of characters requiring entity...
PT-2026-56241
Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.0 commit dd692d9 Description A heap buffer overflow occurs in the html quote string function within src/convert.c. A remote attacker can trigger memory corruption by providing a crafted HTML attribute containing...
CVE-2026-39333
ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input DateStart and DateEnd into HTML input field attributes without proper output encoding for the HTML attribute context. An authenticated attacker can craft a malicious U...
Mozilla: Integer overflow could have led to out of bounds write
The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...
Mozilla: Integer overflow could have led to out of bounds write
The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...
Mozilla: Integer overflow could have led to out of bounds write
The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...
Mozilla: Integer overflow could have led to out of bounds write
The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...
Mozilla: Integer overflow could have led to out of bounds write
The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...
Mozilla: Integer overflow could have led to out of bounds write
The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...
Mozilla: Integer overflow could have led to out of bounds write
The Mozilla Foundation Security Advisory describes this flaw as: AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write...
CVE-2021-31739
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability XSS, because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address...
CVE-2021-31739
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability XSS, because user input is not correctly encoded in HTML attributes when returned by the server.SEPPmail 11.1.10 allows XSS via a recipient address...
Cross-Site Scripting
I've picked up on the work started over at 276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggested earlier so that all attributes are...
Cross-Site Scripting
I've picked up on the work started over at https://github.com/erusev/parsedown/pull/276 and rebased on erusev/master. Since this is rebased on master, I can't point at PR at naNuke/master without running into the merge conflicts that I've already resolved manually. I've implemented what I suggest...