3 matches found
SUSE CVE-2025-32873
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potential denial-of-service slow performance when processing inputs containing large sequences of incomplete HTML tags. The template filter...
SUSE CVE-2009-3627
The decodeentities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service infinite loop via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character...
Cross-Site Scripting in "SVG Sanitizer" (svg_sanitizer)
Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it is still evaluated in browsers can lead to Cross-Site Scripting...