2 matches found
Cross-Site Scripting in marked
Versions 0.3.7 and earlier of marked unescape only lowercase while owsers support both lowercase and uppercase x in hexadecimal form of HTML character entity...
Bleach Design Vulnerability
Bleach is an HTML cleanup library for removing tags and attributes. A security vulnerability exists in version 2.1.x prior to Bleach 2.1.3 that stems from the program failing to properly filter attributes with URI values. An attacker could exploit this vulnerability to obtain sensitive informatio...