18 matches found

GitHub Security Blog
added 2026/05/08 6:19 p.m., 10 views

justhtml introduces denial-of-service hardening

Summary: justhtml 1.18.0 fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification. These issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves. Affected versions - justhtml 1.18.0...

5.8 AI score
Exploits: 0, References: 2, Affected Software: 1

Snyk
added 2026/05/08 6:19 p.m., 7 views

Infinite loop

Overview: justhtml is a pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop in the handling of CSS selectors and linkification processes. An attacker can cause excessive CPU or memory consumption by supplying specially crafted selector...

8.7 CVSS, 5.8 AI score
Exploits: 0, References: 3

RedhatCVE
added 2026/01/09 9:53 a.m., 3 views

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

6.1 CVSS, 6 AI score, 0.017 EPSS
Exploits: 0, References: 1

OSV
added 2025/04/03 2:9 p.m., 3 views

BIT-JOOMLA-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

6.1 CVSS, 9.2 AI score, 0.017 EPSS
Exploits: 0, References: 2

OpenVAS
added 2022/07/18 12:0 a.m., 9 views

Fedora: Security Advisory for golang-github-andybalholm-cascadia (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS, 8.9 AI score, 0.00963 EPSS
Exploits: 4, References: 2

Fedora
added 2022/07/17 1:15 a.m., 18 views

[SECURITY] Fedora 35 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc35

The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...

9.3 CVSS, 8.2 AI score, 0.00963 EPSS
Exploits: 4

Fedora
added 2022/07/04 1:35 a.m., 18 views

[SECURITY] Fedora 36 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc36

The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...

9.3 CVSS, 8.2 AI score, 0.00963 EPSS
Exploits: 4

Huntr
added 2022/01/03 2:47 p.m., 16 views

in slidevjs/slidev

Description Vulnerability: CSS injection and Limited XSS via postMessage While reading the code, I came across packages/client/iframes/monaco/index.ts file, where a message eventListener is being used. The callback function adds the content of message inside tag. This way, the attacker can post a...

0.6 AI score
Exploits: 0

OSV
added 2020/03/16 4:15 p.m., 11 views

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

6.1 CVSS, 5.9 AI score
Exploits: 0, References: 1

Prion
added 2020/03/16 4:15 p.m., 19 views

Cross site scripting

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

4.3 CVSS, 5.9 AI score, 0.017 EPSS
Exploits: 0, References: 1, Affected Software: 1

HackerOne
added 2017/10/12 8:42 p.m., 22 views

Avito: CSS injection in avito.ru via IE11

Hi Team Security @avito I discovered CSS Injection on avito.ru in form search via IE11 Description CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to...

0.5 AI score
Exploits: 0

Fedora
added 2013/12/09 2:0 a.m., 17 views

[SECURITY] Fedora 18 Update: php-symfony2-CssSelector-2.2.10-1.fc18

The CssSelector Component converts CSS selectors to XPath expressions...

5 CVSS, 3 AI score, 0.00474 EPSS
Exploits: 0

OpenVAS
added 2010/07/30 12:0 a.m., 45 views

Ubuntu Update for thunderbird vulnerabilities USN-958-1

Ubuntu Update for Linux kernel vulnerabilities USN-958-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9581.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for thunderbird vulnerabilities USN-958-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

9.3 CVSS, 1 AI score, 0.14816 EPSS
Exploits: 17, References: 2

Tenable Nessus
added 2010/07/27 12:0 a.m., 60 views

Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-958-1)

Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. CVE-2010-1211, CVE-2010-1212 An integer overflow was...

9.8 CVSS, 7.8 AI score, 0.14816 EPSS
Exploits: 17, References: 10

Ubuntu
added 2010/07/23 8:48 a.m., 96 views

USN-957-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212 A...

9.8 CVSS, 7.9 AI score, 0.14816 EPSS
Exploits: 27

Tenable Nessus
added 2010/07/22 12:0 a.m., 40 views

Firefox 3.6 < 3.6.7 Multiple Vulnerabilities

The installed version of Firefox 3.6.x is earlier than 3.6.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-34 - An error in DOM attribute...

9.3 CVSS, 8.7 AI score, 0.07986 EPSS
Exploits: 20, References: 29

Tenable Nessus
added 2010/07/21 12:0 a.m., 20 views

Mozilla Firefox 3.5.x < 3.5.11 Multiple Vulnerabilities

Binary data 5606.prm...

9.8 CVSS, 7.3 AI score, 0.14816 EPSS
Exploits: 24, References: 24

Tenable Nessus
added 2010/07/21 12:0 a.m., 11 views

Firefox 3.6.x < 3.6.7 Multiple Vulnerabilities

Binary data 800780.prm...

9.8 CVSS, 7.3 AI score, 0.14816 EPSS
Exploits: 27, References: 31