11 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-11888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or...
ROS-20250822-02
A vulnerability in the dom4j open source Java library for XML, XPath and XSLT is related to the improper cleansing of elements and attribute names in XML documents. Exploitation of the vulnerability could Allow an attacker acting remotely to launch an XXE attack on the target system...
SUSE CVE-2015-6031
Buffer overflow in the IGDstartelt function in igddescparse.c in the MiniUPnP client aka MiniUPnPc before 1.9.20150917 allows remote UPNP servers to cause a denial of service application crash and possibly execute arbitrary code via an "oversized" XML element name...
XSS in python-markdown2
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
PYSEC-2020-65
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
UBUNTU-CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
Cross site scripting
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
CVE-2020-11888
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...
py-markdown2 -- XSS vulnerability
TheGrandPew reports: python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute...