60 matches found
Cross-site Scripting in comrak
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
GHSA-6WJ2-G87R-PM62 Cross-site Scripting in comrak
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
Cross site scripting in comrak
An issue was discovered in the comrak crate before 0.9.1 for Rust. Cross site scripting XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...
GHSA-XMR7-V725-2JJR Cross site scripting in comrak
An issue was discovered in the comrak crate before 0.9.1 for Rust. Cross site scripting XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...
Mozilla Rust Cross-Site Scripting Vulnerability (CNVD-2021-61406)
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in comrak crate in versions of Mozilla Rust prior to 0.10.1, which could be exploited by an attacker to execute the script in a Web browser in the secure context of a...
CVE-2021-38186
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
CVE-2021-38186
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
Design/Logic Flaw
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
CVE-2021-38186
An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via & HTML entities...
CVE-2021-38186
The CVE-2021-38186 entry concerns the comrak crate for Rust, affected in versions before 0.10.1. The issue stems from improper handling of the & character, which can cause cross-site scripting (XSS) via HTML entities like &#. The vulnerability is described across multiple sources (e.g., Red Hat, ...
Rust 跨站脚本漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in comrak crate in versions of Mozilla Rust prior to 0.10.1, which could be exploited by an attacker to execute the script in a Web browser in the secure context of a...
RUSTSEC-2021-0063 XSS in `comrak`
comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, are not permitted in the output. This is per the reference GFM implementation, cmark-gfm. Ampersands were not being correctly escaped in link targets, makin...
XSS in `comrak`
comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, are not permitted in the output. This is per the reference GFM implementation, cmark-gfm. Ampersands were not being correctly escaped in link targets, makin...
Mozilla Rust Cross-Site Scripting Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in Rust in versions prior to comrak crate 0.9.1, which stems from the fact that the protection mechanism for data: and javascript: URIs is case-sensitive. No details o...
CVE-2021-27671
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...
Design/Logic Flaw
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...
CVE-2021-27671
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing for example Data: to be used in an attack...
CVE-2021-27671
The CVE-2021-27671 issue affects the comrak crate for Rust (pre-0.9.1). The root cause is a case-sensitive protection check for data: and javascript: URLs, allowing data: URLs to bypass the guard and enable cross-site scripting (XSS). This is described consistently across sources (NVD entry and R...
Mozilla Rust 跨站脚本漏洞
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in Rust in versions prior to comrak crate 0.9.1, which stems from the fact that the protection mechanism for data: and javascript: URIs is case-sensitive. No details o...
RUSTSEC-2021-0026 XSS in `comrak`
The comrak we were matching unsafe URL prefixes, such as data: or javascript: , in a case-sensitive manner. This meant prefixes like Data: were untouched...