Lucene search

5 matches found

Snyk
added 2023/10/04 6:52 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: HtmlSanitizer cleans HTML of constructs that can be used for cross-site scripting (XSS). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when it is configured to allow foreign content, specifically svg or math elements. Notes: 1) This is only exploitable ...

CVSS 6.1 | AI score 5.3 | EPSS 0.00161
Exploits: 0 | References: 2
Tenable Nessus
added 2020/08/20 12:00 a.m. | 32 views

Fedora 31 : roundcubemail (2020-b1e023936e)

RELEASE 1.4.8 - Security: Fix potential XSS issue in HTML editor of the identity signature input 7507 - Managesieve: Fix too-small input field in Elastic when using custom headers 7498 - Fix support for an error as a string in messagebeforesend hook 7475 - Elastic: Fix redundant scrollbar in plai...

CVSS 6.1 | AI score 6.7 | EPSS 0.00704
Exploits: 0 | References: 2
Mageia
added 2020/08/18 8:43 p.m. | 39 views

Updated roundcubemail packages fix security vulnerabilities

Fix potential XSS issue in HTML editor of the identity signature input. Fix cross-site scripting (XSS) via HTML messages with malicious svg content (CVE-2020-16145). Fix cross-site scripting (XSS) via HTML messages with malicious math content...

CVSS 6.1 | AI score 0.7 | EPSS 0.00704
Exploits: 0 | References: 2
OSV
added 2020/06/16 10:15 p.m. | 1 views

DEBIAN-CVE-2020-4054

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 7.3 | AI score 6.8 | EPSS 0.00484
Exploits: 0 | References: 1
OSV
added 2020/06/16 10:15 p.m. | 1 views

UBUNTU-CVE-2020-4054

In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 7.3 | AI score 7 | EPSS 0.00484
Exploits: 0 | References: 6