CVE-2023-51652

CVE-2023-51652 affects OWASP AntiSamy .NET prior to 1.2.0, where flawed parsing can enable a mutation XSS (mXSS) if the policy enables preserveComments and allows certain tags. The vulnerability arises from how HTML is parsed during sanitization, potentially executing code in comment contexts. A ...

CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments

OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...

GHSA-PVVF-569H-5779

creationtimestamp| type| source ---|---|--- 2024-01-02 04:10:32+00:00| seen| https://t.me/arpsyndicate/2314...

GHSA-6MJG-37CP-42X5

creationtimestamp| type| source ---|---|--- 2024-01-01 15:06:54+00:00| seen| https://t.me/ctinow/161322...

GHSA-7787-P7X6-FQ3J

creationtimestamp| type| source ---|---|--- 2023-12-31 14:11:18+00:00| seen| https://t.me/ctinow/161086...

GHSA-4J8W-P6HV-3QXC

creationtimestamp| type| source ---|---|--- 2023-12-29 20:46:41+00:00| seen| https://t.me/ctinow/160674...

GHSA-F8JP-2QGX-V4HF

creationtimestamp| type| source ---|---|--- 2023-12-29 11:50:05+00:00| seen| https://t.me/arpsyndicate/2245...

GHSA-X3F3-J7QH-9WGJ

creationtimestamp| type| source ---|---|--- 2023-12-29 11:35:52+00:00| seen| https://t.me/arpsyndicate/2242...

GHSA-CVG5-HJH8-246X

creationtimestamp| type| source ---|---|--- 2023-12-29 09:19:16+00:00| seen| https://t.me/arpsyndicate/2223...

GHSA-F5VV-HCGF-XVXQ

creationtimestamp| type| source ---|---|--- 2023-12-29 08:53:18+00:00| seen| https://t.me/arpsyndicate/2217...

GHSA-WQQW-R8C5-J67C

creationtimestamp| type| source ---|---|--- 2023-12-22 08:51:31+00:00| seen| https://t.me/ctinow/158244...

GHSA-G2GP-X888-6XRJ

creationtimestamp| type| source ---|---|--- 2023-12-22 08:21:46+00:00| seen| https://t.me/ctinow/158236...

GHSA-3F39-6537-3CGC

creationtimestamp| type| source ---|---|--- 2023-12-20 12:36:53+00:00| seen| https://t.me/ctinow/156931...

GHSA-HFMC-7525-MJ55

creationtimestamp| type| source ---|---|--- 2023-12-18 20:31:41+00:00| seen| https://t.me/ctinow/156090...

GHSA-3P6J-M8J2-M6RC

creationtimestamp| type| source ---|---|--- 2023-11-22 17:10:36+00:00| seen| https://t.me/arpsyndicate/359...

GHSA-QQVQ-6XGJ-JW8G

creationtimestamp| type| source ---|---|--- 2023-11-21 07:53:58+00:00| seen| https://t.me/arpsyndicate/313...

@glarus-labs/vendure-social-auth (>=0.0.1 <=0.1.1), @mirahi/vendure-adyen-dropin-plugin (>=0.0.1 <=0.0.5) +40 more potentially affected by unknown CVE via @vendure/core (>=0.11.1 <=2.1.2)

@vendure/core NPM version =0.11.1, =0.0.1, =0.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.1.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WM63-7627-CH33...

Malicious code in vader-pack (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f1011ad5820edf4133971eeebc94ab36b715c17b0f12059f941506ec89ec64e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

GHSA-7C2Q-5QMR-V76Q DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998

Impact ESAPI 2.5.2.0 and later addressed the DoS vulnerability described in CVE-2023-24998, which Apache Commons FileUpload 1.5 attempted to remediate. But while writing up a new security bulletin regarding the impact on the affected ESAPI HTTPUtilities.getFileUploads methods or more specifically...