8 matches found
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
EUVD-2023-45033
Malicious code in bioql PyPI...
EUVD-2024-3194
Malicious code in bioql PyPI...
EUVD-2025-15656
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-35131
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to...
CVE-2025-7658
CVE-2025-7658 refers to a Stored Cross-Site Scripting vulnerability in the WordPress plugin Temporarily Hidden Content (Temporarily Hidden Content) via the shortcodes temphc-start. Affected versions are those up to and including 1.0.6. The issue arises from insufficient input sanitization and out...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...