18 matches found
EUVD-2020-18750
Malware in sbrugna...
EUVD-2024-2953
Malicious code in bioql PyPI...
CVE-2025-26443
In parseHtml of HtmlToSpannedParser.java, there is a possible way to install apps without allowing installation from unknown sources due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for...
Linux Distros Unpatched Vulnerability : CVE-2024-9506
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability. CVE-2024-9506 Note that Nessus...
GHSA-5J4C-8P2G-V4JX ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
The ReDoS can be exploited through the parseHTML function in the html-parser.ts file. This flaw allows attackers to slow down the application by providing specially crafted input that causes inefficient processing of regular expressions, leading to excessive resource consumption. To demonstrate...
CVE-2024-9506
A flaw was found in Vue.js. Within the parseHTML function of html-parser.ts, there is a regular expression regex to check for proper closing tags for HTML. However, due to an improperly written regex, when you pass a script containing long text, it will trigger a regular expression denial of...
CVE-2024-9506
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability...
CVE-2024-9506 Regular Expression Denial of Service (ReDoS)
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability...
CVE-2024-9506
CVE-2024-9506 describes an improper regular expression in Vue’s parseHTML function, causing a potential ReDoS. The available connected sources confirm the vulnerable component is Vue's HTML parsing (parseHTML/html-parser.ts) and cite a low CVSS v3.1 base score (3.7) with impact on availability. C...
CVE-2024-9506 Regular Expression Denial of Service (ReDoS)
Improper regular expression in Vue's parseHTML function leads to a potential regular expression denial of service vulnerability...
BIT-MEDIAWIKI-2020-26120
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
CVE-2020-26120
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
CVE-2020-26120
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
Cross site scripting
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
CVE-2020-26120
The CVE-2020-26120 entry is supported by connected documentation: MediaWiki MobileFrontend prior to 1.34.4 is affected by an XSS due to mishandling of section.line during regex replacement in PageGateway. An attacker can craft HTML that triggers XSS via jQuery.parseHTML, causing image callbacks t...
PT-2020-16299 · Jquery +2
Name of the Vulnerable Software and Affected Versions: MediaWiki MobileFrontend extension versions prior to 1.34.4. Description: The issue exists due to the mishandling of section.line during regex section line replacement from PageGateway. An attacker can exploit this by using crafted HTML to...
Starbucks: DOM-based XSS in store.starbucks.co.uk on IE 11
We've found DOM XSS on store.starbucks.co.uk and other related domains such as store.starbucks.fr and store.starbucks.ca. It appears to be a JQuery based DOM XSS in the parseHTML sink. In order to trigger the XSS you need to use IE11 and the PoC will visit the url first, wait 5 seconds and then...