30 matches found

Github Security Blog
added 2020/09/01 3:16 p.m., 24 views

Regular Expression Denial of Service in bleach

All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this issue, it is...

AI score 4.4, EPSS 0.0172
Exploits 0, References 4, Affected Software 1
OSV
added 2020/09/01 3:16 p.m., 14 views

GHSA-MVMF-CVFX-QG55 Regular Expression Denial of Service in bleach

All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this issue, it is...

CVSS 5.3, AI score 6.4, EPSS 0.0172
Exploits 0, References 3
CNVD
added 2020/06/30 12:00 a.m., 1 view

NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44584)

NeDi Consulting NeDi is a suite of open source software that supports the discovery and mapping of network devices from the Swiss company NeDi Consulting. NeDi Consulting A cross-site scripting vulnerability exists in the 'sanitize' function of the inc/libmisc.php file in NeDi version 1.9C. The...

CVSS 6.1, AI score 6.4, EPSS 0.15743
Exploits 0, References 1
Prion
added 2019/12/31 9:15 p.m., 19 views

Cross site scripting

The sanitizestring function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting XSS attack by wrapping a payload in "scriptpayload", or in an image tag, with the payload as the onerror event...

CVSS 4.3, AI score 6, EPSS 0.00373
Exploits 1, References 3, Affected Software 1
Snyk
added 2019/11/27 3:24 p.m., 1 view

Internal Property Tampering

Overview schema-inspector is a JSON API sanitisation and validation module. Affected versions of this package are vulnerable to Internal Property Tampering. A maliciously crafted JavaScript object can bypass the sanitize and the validate function used within schema-inspector. Remediation Upgrade...

CVSS 9.8, AI score 6.8, EPSS 0.0015
Exploits 0, References 2
Veracode
added 2019/05/21 5:47 a.m., 15 views

Cross-site Scripting (XSS)

express-validator is vulnerable to cross-site scripting XSS. The vulnerability exists as it was possible to bypass the sanitize function as the toString function does not sanitize arrays...

AI score 6.2
Exploits 0
Prion
added 2017/07/25 6:29 p.m., 14 views

Cross site scripting

The sanitizestring function in ZenPhoto before 1.4.9 utilized the htmlentitydecode function after input sanitation, which might allow remote attackers to perform a cross-site scripting XSS via a crafted string...

CVSS 4.3, AI score 6, EPSS 0.00292
Exploits 1, References 4, Affected Software 1
NVD
added 2015/03/23 4:59 p.m., 11 views

CVE-2014-9261

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. dot dot in the path parameter to index.php...

CVSS 5, AI score 6.6, EPSS 0.17212
Exploits 5, References 5
CVE
added 2015/03/23 4:00 p.m., 42 views

CVE-2014-9261

Codoforum 2.5.1 is affected by CVE-2014-9261, enabling arbitrary file download via directory traversal through the path parameter to index.php. The root cause is a sanitize() implementation that calls str_replace(".."/"%2e%2e"), but does not assign the result back to the variable, so the traversa...

CVSS 5, AI score 6.7, EPSS 0.17212
Exploits 5, References 5, Affected Software 1
exploitpack
added 2015/03/10 12:00 a.m., 52 views

CodoForum 2.5.1 - Arbitrary File Download

CodoForum 2.5.1 - Arbitrary File Download Exploit Title: Codoforum 2.5.1 Arbitrary File Download Date: 23-11-2014 Software Link: https://codoforum.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps CVE: CVE-2014-9261 1...

CVSS 5, AI score 0.1, EPSS 0.17212
Exploits 5