CVE-2022-0691

An authorization bypass flaw was found in url-parse. This flaw allows a local unauthenticated attacker to add a backspace character \b while submitting a URL. This vulnerability can enable bypassing any hostname checks...

DEBIAN-CVE-2013-4567

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via a \b backspace character in CSS...

CVE-2013-4567

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via a \b backspace character in CSS...

CVE-2013-4567

Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting XSS attacks via a \b backspace character in CSS...

backspace_between_dots

This evasion plugin inserts an A and a backspace control character between dots which cancel each other when they are processed and some filters that match ../ are bypassed. Example: Input: ../../etc/passwd Output: .%41%08./.%41%08./etc/passwd Plugin type Evasion Options This plugin doesnt have a...

Multiple XSS vulnerabilities from character encoding — Mozilla

WebKit developer Alexey Proskuryakov reported that the Mozilla HTML parser treated the backspace character as whitespace contrary to the HTML specification and different from other browsers. This difference might lead to Cross-site Scripting XSS risks on sites which filtered input in accordance...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including 1 a backspace character that is treated as...

CVE-2008-0416

Multiple cross-site scripting XSS vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including 1 a backspace character that is treated as...

About 9 lines of code cause the system to crash analysis-vulnerability warning-the black bar safety net

At present, many places are reproduced with the use of 9 lines of code history windows crash of the article, but I found no information about why would make windows crash analysis. I'll take the original for everyone to see. Then put the specific details in the way. Microsoft has claimed that...