49 matches found
DEBIAN-CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
PYSEC-2021-849
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
Design/Logic Flaw
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
PYSEC-2021-849
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
UBUNTU-CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42576
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday, does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements...
CVE-2021-42576
CVE-2021-42576 affects the bluemonday HTML sanitizer. The issue is that policies for the STYLE, SELECT and OPTION elements are not properly enforced in bluemonday before versions 1.0.16 (Go) and 0.0.8 (Python/pybluemonday). Root cause: policy enforcement gaps allow disallowed styling to leak into...
David Kitchen bluemonday security vulnerability
bluemonday is an open source HTML sanitizer by David Kitchen, implemented in Go. A security vulnerability exists in the bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python in pybluemonday: it does not correctly enforce the...
FreeBSD : gitea -- multiple vulnerabilities (943d23b6-e65e-11eb-ad30-0800273f11ea)
The Gitea Team reports for release 1.14.5: - Hide mirror passwords on repo settings page 16022 16355 - Update bluemonday to v1.0.15 16379 16380. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML databa...
GO-2022-0762 Cross-site scripting due to incorrect sanitization in github.com/microcosm-cc/bluemonday
An XSS injection was possible because the sanitization of the Cyrillic character i bypassed a protection mechanism against user-inputted HTML elements such as the tag...
Cross-site scripting in bluemonday
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
GHSA-3X58-XR87-2FCJ Cross-site scripting in bluemonday
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
gitea -- multiple vulnerabilities
The Gitea Team reports for release 1.13.7: Update to bluemonday-1.0.6 Clusterfuzz found another way...
CVE-2021-29272
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
CVE-2021-29272
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
CVE-2021-29272
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
Design/Logic Flaw
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...