USN-8077-1: Bleach vulnerabilities

It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...

EUVD-2020-0055

Malware in sbrugna...

Mageia: Security Advisory (MGASA-2020-0176)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for python-bleach (important)

openSUSE Security Update: Security update for python-bleach Announcement ID: openSUSE-SU-2021:0571-1 Rating: important References: 1167379 1168280 1184547 Cross-References: CVE-2020-6816 CVE-2020-6817 CVE-2021-23980 CVSS scores: CVE-2020-6816 NVD : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

openSUSE Security Update : python-bleach (openSUSE-2021-552)

This update for python-bleach fixes the following issues : - CVE-2021-23980: Fixed mutation XSS on bleach.clean with specific combinations of allowed tags boo1184547 Update to 3.1.5 : - replace missing setuptools dependency with packaging. Thank you Benjamin Peterson. Update to 3.1.4 boo1168280,...

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

DEBIAN-CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

Cross site scripting

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag

Impact A mutation XSS affects users calling bleach.clean with all of: the svg or math in the allowed/whitelisted tags an RCDATA tag see below in the allowed/whitelisted tags the keyword argument strip=False Patches Users are encouraged to upgrade to bleach v3.1.2 or greater. Workarounds modify...

Cross-Site Scripting (XSS)

bleach is vulnerable to cross-site scripting XSS. The bleach.clean behavior when parsing embedded MathML and SVG content with RCDATA tags did not match the browser behavior and can result in a mutation XSS...

www/py-bleach -- multiple vulnerabilities

bleach.clean behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to bleach.clean with strip=False and math or svg tags and one or more of the RCDATA tags script, noscript, style, noframes, iframe, noembed, or x...

CVE-2019-12970

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of...

UBUNTU-CVE-2019-12970

XSS was discovered in SquirrelMail through 1.4.22 and 1.5.x through 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of...

Ordinary file deception-vulnerability warning-the black bar safety net

Source: whytt's Blog Have a very want to get the permission of the Forum, and suddenly see the administrator collection XX information, photos, and open up an FTP upload, so the thought of the bundled Trojan file to trick the administrator of the method. I used to use windows comes with IEXPRESS...