9 matches found
Cross-site Scripting (XSS)
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the readStartTag function in the Tokenizer. An attacker can cause the execution of scripts in the context of t...
Regular Expression Denial of Service (ReDoS)
Overview markdown2 is a fast and complete Python implementation of Markdown. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the sortahtmltokenizere regex used in the HTML tokenizer due to improperly constraining quoted attribute values ".?",...
Improper Validation of Syntactic Correctness of Input
Overview golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in token.go, which incorrectly interprets tags as closing tags, allowing...
SUSE CVE-2009-4214
Cross-site scripting XSS vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and...
Moderate severity XSS vulnerability that affects rails
Cross-site scripting XSS vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters,related to HTML::Tokenizer and...
CVE-2009-4214
Cross-site scripting XSS vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and...
CVE-2009-4214
Cross-site scripting XSS vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and...
DEBIAN-CVE-2009-4214
Cross-site scripting XSS vulnerability in the striptags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and...
CVE-2009-4214
CVE-2009-4214 is an XSS vulnerability in Ruby on Rails via the strip_tags path. It affects Rails before 2.2.s and 2.3.x before 2.3.5, allowing remote attackers to inject arbitrary script/HTML using vectors involving non‑printing ASCII characters (related to HTML::Tokenizer and html/node.rb). Expl...