44 matches found
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. Recent assessments: Assessed Attacker Value: 0...
CVE-2022-35914
CVE-2022-35914 affects GLPI’s htmlawed integration via htmLawedTest.php, enabling PHP code injection. Exploit PoCs exist (PoC scripts and reports in Exploit-DB and GitHub repos) demonstrating remote code execution potential. CVSS v3.1 base score 9.8 (C/H I/H A/H) with network attack vector and no...
PT-2022-23020
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.3. Description: The htmlawed module in GLPI contains an issue related to improper input validation and code generation management. This allows a remote attacker to perform PHP code injection via the endpoint...
Fedora 22 : php-htmLawed-1.1.21-1.fc22 (2016-0a1a2dd98d)
Version 1.1.21 - 27 February 2016. Improvement and security fix in transforming 'font' element. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possib...
Fedora 23 : php-htmLawed-1.1.21-1.fc23 (2016-6b977c4737)
Version 1.1.21 - 27 February 2016. Improvement and security fix in transforming 'font' element. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possib...
[SECURITY] Fedora 22 Update: php-htmLawed-1.1.21-1.fc22
PHP code to purify and filter HTML: make HTML markup in text secure and standards-compliant; process text for use in HTML, XHTML or XML documents; restrict HTML elements, attributes or URL protocols using black- or white-lists; balance tags, check element nesting, transform deprecated attributes and...
Fedora Update for php-htmLawed FEDORA-2016-0
The remote host is missing an update for the... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-htmLawed FEDORA-2016-6
The remote host is missing an update for the... SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for php-htmLawed FEDORA-2015-10139
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : php-htmLawed-1.1.20-1.fc22 (2015-10139)
1.1.20 - 9 June 2015. Fix for a potential security vulnerability arising from an unescaped double-quote character in a single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for the non-HTML4-standard 'allowfullscreen' attribute of 'iframe'. Note that...
Fedora 21 : php-htmLawed-1.1.20-1.fc21 (2015-10169)
1.1.20 - 9 June 2015. Fix for a potential security vulnerability arising from an unescaped double-quote character in a single-quoted attribute value of some deprecated elements when tag transformation is enabled; recognition for the non-HTML4-standard 'allowfullscreen' attribute of 'iframe'. Note that...
Fedora Update for php-htmLawed FEDORA-2015-10169
The remote host is missing an update for the... SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Vanilla Forums 2.1.1 Cross Site Scripting
The vulnerability is related to insufficient filtering in htmLawed. The existing filter can be bypassed by pasting into the onerror event of an HTML tag, which leads to stored XSS. I notified the developers of the existing vulnerabilities and they closed it in version 2.1.1. Proof:...
CVE-2010-4646
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter...
CVE-2010-4364
DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html_content and (2) rich_editor fields. NOTE: some of the...
Cross site scripting
DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does not include the htmLawed library, which allows remote attackers to bypass the protection mechanism for CVE-2010-4355 and conduct cross-site scripting (XSS) attacks via the (1) html_content and (2) rich_editor fields. NOTE: some of the...
CVE-2010-4364
DaDaBIK 4.3 beta3 is affected when run in a case-sensitive environment where the htmLawed library is not included. This root cause (missing htmLawed) enables cross-site scripting (XSS) by manipulating (1) HTML content and (2) rich_editor fields, and it can bypass the protection mechanism tied to ...