CData RSB Connect code issue vulnerability
CData RSB Connect is a connector from CData Corporation. A security vulnerability exists in CData RSB Connect version v22.0.8336 that stems from the inclusion of a server-side request forgery (SSRF) vulnerability...
GHSA-XRQQ-WQH4-5HG2 svg-sanitizer has Cross-site Scripting Bypass
Update: In #88 we have determined that the bypass this security advisory was created for was a false positive, and as such we have requested that the CVE be rejected. A bypass has been found that allows an attacker to upload an SVG with persistent XSS. HTML elements within CDATA needed to be...
CVE-2023-28426
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: GHSA-xrqq-wqh4-5hg2. Reason: Further investigation showed that this CVE was assigned in error. Notes: See https://github.com/darylldoyle/svg-sanitizer/issues/88 for a technical discussion...
PT-2023-21712 · Unknown · Svg-Sanitizer
Name of the Vulnerable Software and Affected Versions: svg-sanitizer versions prior to 0.16.0 Description: A bypass has been found in the svg-sanitizer library that allows an attacker to upload an SVG with persistent cross-site scripting. The issue arises from incorrect sanitization of HTML...
SUSE CVE-2009-5065
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...
SUSE CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node...
CVE-2022-37307
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...
Cross-site scripting
OX App Suite through 7.10.6 allows XSS via XHTML CDATA for a snippet, as demonstrated by the onerror attribute of an IMG element within an e-mail signature...
CVE-2022-37307
OX App Suite up to version 7.10.6 is affected by a cross-site scripting (XSS) vulnerability (CVE-2022-37307) that can be triggered via XHTML CDATA in a snippet, demonstrated by the onerror attribute of an IMG element in an email signature. The root cause is an injection possibility in the fronten...
PT-2022-23914 · Open Xchange · Ox App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows for cross-site scripting (XSS) via XHTML CDATA for a snippet. This can be demonstrated by the onerror attribute of an IMG element within an e-mail signature. Recommendations...
CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
Stack overflow
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
UBUNTU-CVE-2022-23516
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a...
Denial Of Service (DoS)
loofah is vulnerable to denial of service. The vulnerability exists due to uncontrolled recursion used in the CDATA sections of the library, which allows an attacker to cause an application crash through malicious input...
Cross-site Scripting (XSS)
typo3/html-sanitizer is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the CDATA and HTML raw text elements, allowing an attacker to inject and execute malicious JavaScript...