CVE-2024-40643

Joplin is a free, open source note taking and to-do application. Joplin fails to take into account that "" followed by a non letter character will not be considered html. As such it is possible to do an XSS by putting an "illegal" tag within a tag...

Django has a denial-of-service possibility in strip_tags()

An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service slow performance when processing inputs containing large sequences of incomplete HTML tags. The template filter...