2 matches found
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
...
pidgin: Finch XMPP MUC Crash
libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user chat MUC room is used, does not properly parse nicknames containing sequences, which allows remote attackers to cause a denial of service application crash via a crafted nickname...