4 matches found
CVE-2025-22872 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
CVE-2025-22872
CVE-2025-22872 involves the HTML tokenizer and related parsing logic where unquoted attribute values ending with a slash (/) are misinterpreted as self-closing tags. This only affects tags in foreign content (e.g., , ) and can cause incorrect DOM scope during parsing when using the Tokenizer dire...
livehelperchat Cross-Site Scripting Vulnerability (CNVD-2022-08229)
livehelperchat is available via Live Helper Chat, which provides free live support on the website. livehelperchat suffers from a cross-site scripting vulnerability that stems from livehelperchat being vulnerable to incorrect neutralization during page generation. No detailed vulnerability details...
Calibre-Web Cross-Site Scripting Vulnerability (CNVD-2022-21489)
Calibre-Web is a web application for browsing, reading and downloading eBooks from the Calibre database.A vulnerability exists in Calibre-Web cross-site scripting that is vulnerable to incorrect neutralization of input during web page generation. No details of the vulnerability are currently...