207 matches found
CVE-2022-32763
A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability...
PT-2022-21448 · Unknown · Lansweeper
Name of the Vulnerable Software and Affected Versions: Lansweeper version 10.1.1.0 Description: A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality. This allows an attacker to send a specially-crafted HTTP request, leading to arbitrary Javascript...
Regular Expression Denial Of Service (ReDoS)
sanitize-html is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the href attribute in the sanitizeHtml function of index.js, allowing an attacker to cause an application crash by providing a malicious input...
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +6405 more potentially affected by CVE-2022-25887 via sanitize-html (>=0.1.4 <=2.7.0)
sanitize-html NPM version =0.1.4, =1.0.0, =0.15.4, =4.11.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.0.1, =0.6.0, =3.0.19, =3.0.25 and more Source cves: CVE-2022-25887 Source advisory: OSV:GHSA-CGFM-XWP7-2CVR...
GHSA-CGFM-XWP7-2CVR Sanitize-html Vulnerable To REDoS Attacks
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
Sanitize-html Vulnerable To REDoS Attacks
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
DEBIAN-CVE-2022-25887
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
Design/Logic Flaw
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
UBUNTU-CVE-2022-25887
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887 Regular Expression Denial of Service (ReDoS)
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
CVE-2022-25887 affects the Node.js package Sanitize-html up to version 2.7.1, vulnerable to a Regular Expression Denial of Service (ReDoS) caused by insecure global regex replacement during HTML comment removal. The NVD entry reports a CVSS v3.1 base score of 7.5 (high impact) with network attack...
CVE-2022-25887 Regular Expression Denial of Service (ReDoS)
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
CVE-2022-25887
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...
sanitize-html 安全漏洞
sanitize-html is an open source library from Apostrophe Technologies. It cleans up user-submitted HTML, keeping whitelisted elements and whitelisted attributes on a per-element basis. A security vulnerability exists in sanitize-html versions prior to 2.7.1, which stems from an insecure global...
Regular Expression Denial of Service (ReDoS)
Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular...
5etools-utils (>=0.15.4 <=0.16.13), 7ghost (>=4.11.0 <=4.11.46) +3630 more potentially affected by CVE-2022-25887 via sanitize-html (>=2.10.0 <=2.7.0)
sanitize-html NPM version =2.10.0, =0.15.4, =4.11.0, =0.1.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.0.1, =3.0.19, =1.3.0, =2.6.0, =2.0.0, =0.0.1, =0.0.5, =2.5.1 and more Source cves: CVE-2022-25887 Source advisory: SNYK:JS-SANITIZEHTML-2957526...
Security Bulletin: Denial of Service vulnerability in sanitize-html affects IBM Business Automation Workflow (CVE-2021-23382)
Summary A denial of service vulnerability in sanitize-html affects IBM Business Automation Workflow Workflow Center. Vulnerability Details CVEID: CVE-2021-23382 DESCRIPTION: Node.js postcss module is vulnerable to a denial of service, caused by a regular expression denial of Service ReDoS flaw in...
Debian: Security Advisory (DLA-2878-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...