3 matches found
CVE-2021-36132
An issue was discovered in the FileImporter extension in MediaWiki through 1.36. For certain relaxed configurations of the $wgFileImporterRequiredRight variable, it might not validate all appropriate user rights, thus allowing a user with insufficient rights to perform operations specifically fil...
Sanitize Cross-Site Scripting Vulnerability
Sanitize is an HTML and CSS cleaner from Ryan Grove Software Developers in the USA that supports removing HTML and CSS from strings and more. A cross-site scripting vulnerability exists in Sanitize 3.0.0 and later versions fixed in version 5.2.1. When using Sanitize's "relaxed" configuration or...
UBUNTU-CVE-2020-4054
In Sanitize RubyGem sanitize greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...