22 matches found

Atlassian
added 2026/04/16 1:50 p.m. | 15 views

mXSS (mutation Cross-Site Scripting) dompurify Dependency in Jira Service Management Data Center and Server

This is a vulnerability in a non-Atlassian Jira Service Management dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity nesting-based mXSS mutation Cross-Site Scripting vulnerability was introduced in version 10.3.0 of Jira...

CVSS 10 | AI score 6.6 | EPSS 0.00699 | Exploits 2

Atlassian
added 2026/01/09 4:27 p.m. | 16 views

mXSS (mutation Cross-Site Scripting) dompurify Dependency in Jira Software Data Center and Server

This is a vulnerability in a non-Atlassian Jira dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity nesting-based mXSS mutation Cross-Site Scripting vulnerability was introduced in version 10.3.0 of Jira Software Data Center...

CVSS 10 | AI score 5.8 | EPSS 0.00699 | Exploits 2

Tenable Nessus
added 2025/11/20 12:00 a.m. | 4 views

TencentOS Server 3: grafana (TSSA-2024:0734)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0734 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 10 | AI score 7.6 | EPSS 0.00699 | Exploits 2 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-10895

Malware in sbrugna...

CVSS 6.1 | AI score 7.7 | EPSS 0.00255 | Exploits 0 | References 7

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2024-41608

Malicious code in bioql PyPI...

CVSS 5 | AI score 6.5 | EPSS 0.0014 | Exploits 0 | References 3

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2024-2530

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00383 | Exploits 1 | References 4

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2024-0305

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.2 | EPSS 0.00918 | Exploits 0 | References 5

Tenable Nessus
added 2025/08/09 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-23974

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affect...

CVSS 6.1 | AI score 7.5 | EPSS 0.00255 | Exploits 0 | References 2

RedhatCVE
added 2025/05/23 8:06 a.m. | 7 views

CVE-2024-45047

svelte performance oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situation the final DOM tree...

CVSS 6.1 | AI score 5.8 | EPSS 0.00383 | Exploits 1

RedhatCVE
added 2025/05/22 9:18 p.m. | 4 views

CVE-2021-23974

The DOMParser API did not properly process '' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox 86...

CVSS 6.1 | AI score 6 | EPSS 0.00255 | Exploits 0 | References 1

Debian
added 2024/10/13 5:58 p.m. | 17 views

[SECURITY] [DSA 5790-1] node-dompurify security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5790-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 13, 2024 https://www.debian.org/security/faq -...

CVSS 10 | AI score 6.8 | EPSS 0.00699 | Exploits 2

OSV
added 2024/08/06 6:24 p.m. | 11 views

GHSA-2RWJ-7XQ8-4GX4 Qwik has a potential mXSS vulnerability due to improper HTML escaping

Summary A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules: https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.tsL1182-L12...

CVSS 6.3 | AI score 6 | EPSS 0.00609 | Exploits 1 | References 5

Tenable Nessus
added 2024/01/24 12:00 a.m. | 26 views

FreeBSD : TinyMCE -- mXSS in multiple plugins (9532a361-b84d-11ee-b0d7-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9532a361-b84d-11ee-b0d7-84a93843eb75 advisory. - TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was...

CVSS 6.1 | AI score 5.7 | EPSS 0.02076 | Exploits 0 | References 4

CVE
added 2024/01/02 8:06 p.m. | 48 views

CVE-2023-51652

CVE-2023-51652 affects OWASP AntiSamy .NET prior to 1.2.0, where flawed parsing can enable a mutation XSS (mXSS) if the policy enables preserveComments and allows certain tags. The vulnerability arises from how HTML is parsed during sanitization, potentially executing code in comment contexts. A ...

CVSS 6.1 | AI score 6.2 | EPSS 0.00918 | Exploits 0 | References 3 | Affected Software 1

CVE
added 2023/11/15 6:59 p.m. | 90 views

CVE-2023-48219

Summary of CVE-2023-48219 (TinyMCE): A mutation XSS (mXSS) flaw in TinyMCE’s core undo/redo and related APIs/plugins arises from text nodes in certain parents not being escaped during serialization per HTML standards. If a text node contains a special internal marker, it can combine with other HT...

CVSS 6.1 | AI score 5.8 | EPSS 0.02076 | Exploits 0 | References 3 | Affected Software 1

Positive Technologies
added 2023/11/15 12:00 a.m. | 2 views

PT-2023-30737 · Tinymce · Tinymce

Name of the Vulnerable Software and Affected Versions: TinyMCE versions prior to 5.10.9 TinyMCE versions prior to 6.7.3 Description: A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific...

CVSS 6.1 | AI score 5.7 | EPSS 0.02076 | Exploits 0 | References 15

Prion
added 2023/10/09 2:15 p.m. | 29 views

Design/Logic Flaw

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

CVSS 5.8 | AI score 5.9 | EPSS 0.00463 | Exploits 1 | References 2 | Affected Software 1

Tenable Nessus
added 2021/05/19 12:00 a.m. | 26 views

RHEL 8 : python-lxml (RHSA-2021:1898)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:1898 advisory. lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: mX...

CVSS 6.1 | AI score 7.4 | EPSS 0.01246 | Exploits 1 | References 6

RedHat Linux
added 2021/05/18 2:56 p.m. | 81 views

Moderate: Red Hat Security Advisory: python-lxml security update

An update for python-lxml is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 6.1 | AI score 6.5 | EPSS 0.01246 | Exploits 1 | References 3

OSV
added 2021/05/18 6:21 a.m. | 27 views

RLSA-2021:1898 Moderate: python-lxml security update

lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Security Fixes: python-lxml: mXSS due to the use of improper parser CVE-2020-27783 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

CVSS 6.1 | AI score 6.8 | EPSS 0.01246 | Exploits 1 | References 2