Debian CVE
added 2024/10/11 2:59 p.m. | 28 views

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVSS 10 | AI score 6.1 | EPSS 0.01093
Exploits 2

Vulnrichment
added 2024/10/11 2:59 p.m. | 40 views

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVSS 10 | AI score 6 | EPSS 0.01093
Exploits 2 | References 4

Cvelist
added 2024/10/11 2:59 p.m. | 35 views

CVE-2024-47875 DOMPurify nesting-based mXSS

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3...

CVSS 10 | EPSS 0.01093
Exploits 2 | References 4

Tenable Nessus
added 2024/09/17 12:0 a.m. | 21 views

FreeBSD : SnappyMail -- multiple mXSS in HTML sanitizer (bd940aba-7467-11ef-a5c4-08002784c58d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd940aba-7467-11ef-a5c4-08002784c58d advisory. Oskar reports: SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research...

CVSS 5 | AI score 5.6 | EPSS 0.00284
Exploits 0 | References 3

NVD
added 2024/09/16 8:15 p.m. | 12 views

CVE-2024-45800

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

CVSS 5 | EPSS 0.00284
Exploits 0 | References 3

Vulnrichment
added 2024/09/16 7:35 p.m. | 22 views

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

CVSS 5 | AI score 6.5 | EPSS 0.00284
Exploits 0 | References 3

OSV
added 2024/09/16 7:35 p.m. | 10 views

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

CVSS 5 | AI score 6.4 | EPSS 0.00284
Exploits 0 | References 5

Cvelist
added 2024/09/16 7:35 p.m. | 30 views

CVE-2024-45800 Multiple mXSS found in snappymail HTML parser

Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...

CVSS 5 | EPSS 0.00284
Exploits 0 | References 3

CVE
added 2024/09/16 7:35 p.m. | 33 views

CVE-2024-45800

CVE-2024-45800 concerns SnappyMail (Snappymail), a web-based email client. The issue lies in the HTML sanitizer: the cleanHtml() function allows too many invalid HTML elements, which can be coerced by malformed markup into valid markup, enabling a targeted mXSS javascript injection. The documente...

CVSS 5 | AI score 5 | EPSS 0.00284
Exploits 0 | References 3

FreeBSD
added 2024/09/16 12:0 a.m. | 16 views

SnappyMail -- multiple mXSS in HTML sanitizer

Oskar reports: SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with incorrect markup to trick the browser to "fi...

CVSS 5 | AI score 7 | EPSS 0.00284
Exploits 0 | References 1

NVD
added 2024/08/30 5:15 p.m. | 23 views

CVE-2024-45047

Svelte is a performance-oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situations the final DOM tree...

CVSS 6.1 | EPSS 0.00344
Exploits 1 | References 1

Vulnrichment
added 2024/08/30 4:55 p.m. | 20 views

CVE-2024-45047 Potential mXSS vulnerability due to improper HTML escaping in svelte

Svelte is a performance-oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situations the final DOM tree...

CVSS 5.4 | AI score 5.9 | EPSS 0.00344
Exploits 1 | References 1

CVE
added 2024/08/30 4:55 p.m. | 53 views

CVE-2024-45047

CVE-2024-45047 concerns Svelte, a web framework. The vulnerability is described as a mutation-based XSS (mXSS) that can occur due to improper HTML escaping during server-side rendering, specifically when injecting malicious content into an attribute within a noscript tag. Affected versions are up...

CVSS 6.1 | AI score 5.6 | EPSS 0.00344
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2024/08/30 4:55 p.m. | 18 views

CVE-2024-45047 Potential mXSS vulnerability due to improper HTML escaping in svelte

Svelte is a performance-oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situations the final DOM tree...

CVSS 5.4 | EPSS 0.00344
Exploits 1 | References 1

OSV
added 2024/08/30 4:55 p.m. | 8 views

CVE-2024-45047 Potential mXSS vulnerability due to improper HTML escaping in svelte

Svelte is a performance-oriented web framework. A potential mXSS vulnerability exists in Svelte for versions up to but not including 4.2.19. Svelte improperly escapes HTML on server-side rendering. The assumption is that attributes will always stay as such, but in some situations the final DOM tree...

CVSS 5.4 | AI score 5.8 | EPSS 0.00344
Exploits 1 | References 3

OSV
added 2024/08/06 6:24 p.m. | 11 views

GHSA-2RWJ-7XQ8-4GX4 Qwik has a potential mXSS vulnerability due to improper HTML escaping

Summary A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules: https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.tsL1182-L12...

CVSS 6.3 | AI score 6 | EPSS 0.00469
Exploits 1 | References 5

Github Security Blog
added 2024/08/06 6:24 p.m. | 10 views

Qwik has a potential mXSS vulnerability due to improper HTML escaping

Summary A potential mXSS vulnerability exists in Qwik for versions up to 1.6.0. Details Qwik improperly escapes HTML on server-side rendering. It converts strings according to the following rules: https://github.com/QwikDev/qwik/blob/v1.5.5/packages/qwik/src/core/render/ssr/render-ssr.tsL1182-L12...

CVSS 6.3 | AI score 5.9 | EPSS 0.00469
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2024/08/06 5:52 p.m. | 14 views

CVE-2024-41677 Cross-site Scripting (XSS) vulnerability due to improper HTML escaping in qwik

Qwik is a performance focused javascript framework. A potential mutation XSS vulnerability exists in Qwik for versions up to but not including 1.6.0. Qwik improperly escapes HTML on server-side rendering. It converts strings according to the rules found in the render-ssr.ts file. It sometimes...

CVSS 6.3 | EPSS 0.00469
Exploits 1 | References 3

The Hacker News
added 2024/03/21 3:55 a.m. | 85 views

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An unauthenticated threa...

AI score 7.6 | EPSS 0.12844
Exploits 0

CVE
added 2024/02/02 4:32 p.m. | 220 views

CVE-2024-23635

CVE-2024-23635 affects AntiSamy prior to version 1.7.5, due to flawed HTML parsing when preserveComments is enabled, enabling potential mutation XSS. The connected IBM advisories confirm the issue and indicate the fix is to upgrade AntiSamy to 1.7.5 or newer. Practical impact is cross-site script...

CVSS 6.1 | AI score 5.7 | EPSS 0.00368
Exploits 0 | References 1 | Affected Software 1