39 matches found
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2022-23520
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to...
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...
CVE-2022-23518
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...
GHSA-PHJ8-2P6X-HQ5R Joplin Cross Site Scripting Vulnerability via NOSCRIPT tags
Cross Site Scripting XSS vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html...
Cross site scripting
Cross Site Scripting XSS vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html...
Mageia: Security Advisory (MGASA-2021-0260)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-bleach packages fix a security vulnerability
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when "svg" or "math" are in the allowed tags, 'p' or "br" are in allowed tags, "style", "title", "noscript", "script", "textarea", "noframes", "iframe", or "xmp"...
[SECURITY] [DSA 4892-1] python-bleach security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4892-1] python-bleach security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4892-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 18, 2021 https://www.debian.org/security/faq -...
Fedora: Security Advisory for python-bleach (FEDORA-2020-e0f35d634c)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: python-bleach-3.2.1-1.fc33
Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list...
Fedora: Security Advisory for python-bleach (FEDORA-2020-e9c8bdd1e3)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for python-bleach (FEDORA-2020-e1fa96c506)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: python-bleach-3.1.4-2.fc32
Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list...
[SECURITY] Fedora 31 Update: python-bleach-3.1.4-2.fc31
Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list...
[SECURITY] Fedora 30 Update: python-bleach-3.1.4-2.fc30
Bleach is an HTML sanitizing library that escapes or strips markup and attributes based on a white list...
Fedora: Security Advisory for python-bleach (FEDORA-2020-827b677e15)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] [DLA 2167-1] python-bleach security update
Package : python-bleach Version : 1.4-1+deb8u1 CVE ID : CVE-2020-6817 Debian Bug : 955388 A vulnerability was discovered in python-bleach, a whitelist-based HTML-sanitizing library. Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to a regular expression...
Debian DSA-4643-1 : python-bleach - security update
It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when strip=False and 'math' or 'svg' tags and one or more of the RCDATA tags were whitelisted. C Tenable Network Security, Inc. The descriptive text and package...