55 matches found
EUVD-2018-0515
Malware in sbrugna...
EUVD-2018-0657
Malware in sbrugna...
EUVD-2021-1654
Malware in sbrugna...
EUVD-2022-1609
Malicious code in bioql PyPI...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
Linux Distros Unpatched Vulnerability : CVE-2022-28367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed...
cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), cn.herodotus.engine:access-core (>=2.7.2.3 <=3.2.2.1) +834 more potentially affected by CVE-2024-23635 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.7.4)
org.owasp.antisamy:antisamy MAVEN version =1.4.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =3.1.7.3, =2.7.2.3, =2.7.2.3, =2.7.2.3, =2.7.0.0, =3.1.5.1, =2.7.0.Beta1, =2.7.0.0, =2.7.0.Beta1, =2.7.0.0, =2.7.0.0, =3.2.2.1 and more Source cves: CVE-2024-23635 Source advisory: OSV:GHSA-2MRQ-W8PV-5PVQ...
Mutation Cross Site Scripting (mXSS)
OWASP AntiSamy is vulnerable to Mutation Cross Site Scripting mXSS. The vulnerability is due to improper parsing of HTML when the preserveComments directive is enabled in the policy. This issue can be exploited by an attacker by injecting malicious input to execute arbitrary JavaScript...
CVE-2023-51652
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
Cross site scripting
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
CVE-2023-51652
CVE-2023-51652 affects OWASP AntiSamy .NET prior to 1.2.0, where flawed parsing can enable a mutation XSS (mXSS) if the policy enables preserveComments and allows certain tags. The vulnerability arises from how HTML is parsed during sanitization, potentially executing code in comment contexts. A ...
CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
CVE-2023-51652 OWASP.AntiSamy mXSS when preserving comments
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerabilit...
cn.acooly:acooly-auth-wechat-authenticator (=5.2.1), cn.herodotus.engine:assistant-sdk-jackson (>=2.7.0.Beta1 <=2.7.0.Beta2) +523 more potentially affected by CVE-2022-29577 via org.owasp.antisamy:antisamy (>=1.4.3 <=1.6.6.1)
org.owasp.antisamy:antisamy MAVEN version =1.4.3, =2.7.0.Beta1, =2.7.0.Beta3, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta1, =2.7.0.Beta3, =2.7.0.Beta4 - cn.herodotus.engine:oauth2-sdk-authorization-ui =2.7.0.Beta3 and...
GHSA-G9HH-VVX3-V37V Denial of service in HtmlUnit-Neko
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
Cross-site Scripting in OWASP AntiSamy
AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS conten...
Denial of service in HtmlUnit-Neko
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
CVE-2022-28367
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets CSS content...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction PI input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...