54 matches found
CVE-2026-4406
The CVE concerns Gravity Forms for WordPress (≤ 2.9.30) with a Reflected XSS in the gform_get_config AJAX action via the form_ids parameter. The root cause is that GFCommon::send_json() returns JSON wrapped in HTML comments using echo/wp_die(), sending a text/html header instead of application/js...
CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers
Svelte is a performance-oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped before being embedded in the HTML output, allowing HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...
EUVD-2005-1971
Malware in sbrugna...
EUVD-2022-6537
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-25887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic ...
Self XSS when sending HTML as a comment in the Deck app
None...
RHEL 9 : podman (RHSA-2023:7765)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7765 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use contain...
Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller
CVE-2023-3519 Inspector The cve20233519inspector.py is a...
K45439210: libxml2 vulnerability CVE-2015-8710
Security Advisory Description: The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment...
SUSE CVE-2015-8710
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment...
CVE-2022-31743
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an incongruity with other browsers. This could have been used to escape HTML comments on pages that put user-controlled data in them. This vulnerability affects Firefox 101...
GHSA-CGFM-XWP7-2CVR Sanitize-html Vulnerable To REDoS Attacks
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
Sanitize-html Vulnerable To REDoS Attacks
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
Design/Logic Flaw
The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal...
sanitize-html security vulnerability
sanitize-html is an open source library from Apostrophe Technologies. It cleans up user-submitted HTML, keeping whitelisted elements and whitelisted attributes on a per-element basis. A security vulnerability exists in sanitize-html versions prior to 2.7.1, which stems from an insecure global...
Cross-site Scripting (XSS)
firefox is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to a lack of sanitization of HTML comment tags, resulting in an incongruity with other browsers that allows an attacker to inject maliciously crafted script into the system...