17 matches found
regexss
regexss Overly-greedy regex r...
PT-2025-136: Path Traversal in mPDF
The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research. Date of vulnerability discovery: 11.04.2025...
PT-2025-135: Local File Read in mPDF
The vulnerability was identified in mPDF, version 2.8.5. The application performs improper validation of data received from the user, which allows an attacker to read files stored on the server. Vulnerability status: Confirmed during research. Date of vulnerability discovery: 11.04.2025...
Cross Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross Site Scripting. The vulnerability is due to improper HTML sanitisation in the Director::forceredirect method, leading to potential XSS risks during HTTP redirection...
EventON < 2.2 - Admin + Stored HTML Injection
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed. PoC: 1. Go to the Virtual Event - This is a virtual online event. 2...
UBUNTU-CVE-2023-45818
TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...
USN-6358-1: RedCloth vulnerability
It was discovered that RedCloth incorrectly handled certain inputs during html sanitisation. An attacker could possibly use this issue to cause a denial of service...
note-mark
Note Mark !License: AGPL V3https://img.shields.io/github/li...
MGASA-2020-0381 Updated mediawiki packages fix security vulnerability
Multiple security issues were discovered in MediaWiki: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against brute force attempts CVE-2020-25812,...
Debian DSA-4767-1 : mediawiki - security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate limiting against...
[SECURITY] [DSA 4767-1] mediawiki security update
Debian Security Advisory DSA-4767-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 25, 2020 https://www.debian.org/security/faq -...
Microsoft InfoPath HTML Sanitisation Component XSS Vulnerability (2821818)
This host is missing an important security update according to Microsoft Bulletin MS13-035. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Microsoft SharePoint Server HTML Sanitisation Component XSS Vulnerability (2821818)
This host is missing an important security update according to Microsoft Bulletin MS13-035. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE...
Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability (2821818)
This host is missing an important security update according to Microsoft Bulletin MS13-035. OpenVAS Vulnerability Test $Id: secpodgrooveserverms13-035.nasl 5339 2017-02-18 16:28:22Z cfi $ Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability 2821818 Authors: Antu Sanadi Copyright:...
Microsoft Office Web Apps HTML Sanitisation Component XSS Vulnerability (2821818)
This host is missing an important security update according to Microsoft Bulletin MS13-035. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE...
Microsoft Groove Server HTML Sanitisation Component XSS Vulnerability (2821818)
This host is missing an important security update according to Microsoft Bulletin MS13-035. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Microsoft Products HTML Sanitisation Component XSS Vulnerability (2741517)
This host is missing an important security update according to Microsoft Bulletin MS12-066. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...