GHSA-V2P6-4MP7-3R9V Regular Expression Denial of Service in underscore.string

Versions of underscore.string prior to 3.3.5 are vulnerable to Regular Expression Denial of Service ReDoS. The function unescapeHTML is vulnerable to ReDoS due to an overly-broad regex. The slowdown is approximately 2s for 50,000 characters but grows exponentially with larger inputs. Recommendati...

PT-2014-1801

Name of the Vulnerable Software and Affected Versions lxml versions prior to 3.3.5 Description The issue is related to an incomplete blacklist vulnerability in the lxml.html.clean module, which allows remote attackers to conduct cross-site scripting XSS attacks via control characters in the link...

DEBIAN-CVE-2014-1695

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...