50 matches found
EUVD-2017-0061
Malware in sbrugna...
EUVD-2017-0060
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-9910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special...
Linux Distros Unpatched Vulnerability : CVE-2016-9909
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than...
SUSE CVE-2016-9909
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
SUSE CVE-2016-9910
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
mezzanine (>=3.0.0 <=3.0.4) potentially affected by CVE-2016-9909 via html5lib (=0.95.0)
html5lib PYPI version =0.95.0 is affected by a known vulnerability. The following packages have a transitive dependency on html5lib and may be impacted: - mezzanine =3.0.0, =3.0.4 Source cves: CVE-2016-9909 Source advisory: OSV:GHSA-V9V9-XFFQ-RWR4...
GHSA-V9V9-XFFQ-RWR4 Improper Neutralization of Input During Web Page Generation in html5lib
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
Improper Neutralization of Input During Web Page Generation in html5lib
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...
Cross-site Scripting in html5lib
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
GHSA-8F6M-GFQ9-G33V Cross-site Scripting in html5lib
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909...
mezzanine (>=3.0.0 <=3.0.4) potentially affected by CVE-2016-9910 via html5lib (=0.95.0)
html5lib PYPI version =0.95.0 is affected by a known vulnerability. The following packages have a transitive dependency on html5lib and may be impacted: - mezzanine =3.0.0, =3.0.4 Source cves: CVE-2016-9910 Source advisory: OSV:GHSA-8F6M-GFQ9-G33V...
Mageia: Security Advisory (MGASA-2017-0001)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 30 Update: rubygem-loofah-2.2.3-4.fc30
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization XSS prevention. It includes some nice HTML sanitizers, which are based on HTML5lib's...
[SECURITY] Fedora 31 Update: rubygem-loofah-2.2.3-4.fc31
Loofah is a general library for manipulating and transforming HTML/XML documents and fragments. It's built on top of Nokogiri and libxml2, so it's fast and has a nice API. Loofah excels at HTML sanitization XSS prevention. It includes some nice HTML sanitizers, which are based on HTML5lib's...
Cangibrina v0.8.7 - A Fast And Powerfull Dashboard (Admin) Finder
Dashboard Finder Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: Python 2.7 mechanize PySocks beautifulsoup4 html5lib Nmap --nmap TOR --tor Install: Linux git clone...
Cangibrina: A Domain Admin Dashboard Finder!
PenTestIT RSS Feed This is a short post about an open source domain administrative dashboard finder - Cangibrina that is coded in Python. The name Cangibrina is Brazilian for Cachaça in local slang, which is a distilled spirit made from fermented sugarcane juice. What is Cangibrina? Cangibrina is...
Cross-Site Scripting (XSS)
html5lib is vulnerable to cross-site scripting XSS attacks. It is because the html serializer does not properly handle the less than characters in attribute values...
Cangibrina - A Fast And Powerfull Dashboard (Admin) Finder
Cangibrina is a multi platform tool which aims to obtain the Dashboard of sites using brute-force over wordlist, google, nmap, and robots.txt Requirements: Python 2.7 mechanize PySocks beautifulsoup4 html5lib Nmap --nmap TOR --tor Install: Linux git clone http://github.com/fnk0c/cangibrina.git cd...
Cross site scripting
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting XSS attacks by leveraging mishandling of the less than character in attribute values...