Lucene search
+L

207 matches found

OSV
OSV
added 2022/12/15 10:15 a.m.6 views

CVE-2022-32763

A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality of Lansweeper lansweeper 10.1.1.0. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger this vulnerability...

6.1CVSS5.9AI score0.01125EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/12/15 12:0 a.m.8 views

PT-2022-21448 · Unknown · Lansweeper

Name of the Vulnerable Software and Affected Versions: Lansweeper version 10.1.1.0 Description: A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality. This allows an attacker to send a specially-crafted HTTP request, leading to arbitrary Javascript...

9.1CVSS7.5AI score0.01125EPSS
Exploits1References4
Veracode
Veracode
added 2022/08/31 4:2 a.m.24 views

Regular Expression Denial Of Service (ReDoS)

sanitize-html is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the href attribute in the sanitizeHtml function of index.js, allowing an attacker to cause an application crash by providing a malicious input...

7.5CVSS7.2AI score0.0115EPSS
Exploits0References3Affected Software2
vulnersOsv
vulnersOsv
added 2022/08/31 12:0 a.m.7 views

08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +6405 more potentially affected by CVE-2022-25887 via sanitize-html (>=0.1.4 <=2.7.0)

sanitize-html NPM version =0.1.4, =1.0.0, =0.15.4, =4.11.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.0.1, =0.6.0, =3.0.19, =3.0.25 and more Source cves: CVE-2022-25887 Source advisory: OSV:GHSA-CGFM-XWP7-2CVR...

7.5CVSS6.7AI score0.0115EPSS
Exploits0
OSV
OSV
added 2022/08/31 12:0 a.m.8 views

GHSA-CGFM-XWP7-2CVR Sanitize-html Vulnerable To REDoS Attacks

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

7.5CVSS5.9AI score0.0115EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/08/31 12:0 a.m.62 views

Sanitize-html Vulnerable To REDoS Attacks

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

7.5CVSS7.4AI score0.0115EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/08/30 5:15 a.m.1 views

DEBIAN-CVE-2022-25887

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

7.5CVSS6.3AI score0.0115EPSS
Exploits0References1
Prion
Prion
added 2022/08/30 5:15 a.m.20 views

Design/Logic Flaw

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

5CVSS7.4AI score0.0115EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2022/08/30 5:15 a.m.35 views

CVE-2022-25887

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

7.5CVSS6.8AI score0.0115EPSS
Exploits0References6
OSV
OSV
added 2022/08/30 5:15 a.m.10 views

UBUNTU-CVE-2022-25887

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

7.5CVSS7.1AI score0.0115EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2022/08/30 5:0 a.m.30 views

CVE-2022-25887

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

7.5CVSS6.2AI score0.0115EPSS
Exploits0
Cvelist
Cvelist
added 2022/08/30 5:0 a.m.23 views

CVE-2022-25887 Regular Expression Denial of Service (ReDoS)

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

5.3CVSS7.5AI score0.0115EPSS
Exploits0References4
CVE
CVE
added 2022/08/30 5:0 a.m.230 views

CVE-2022-25887

CVE-2022-25887 affects the Node.js package Sanitize-html up to version 2.7.1, vulnerable to a Regular Expression Denial of Service (ReDoS) caused by insecure global regex replacement during HTML comment removal. The NVD entry reports a CVSS v3.1 base score of 7.5 (high impact) with network attack...

7.5CVSS6.1AI score0.0115EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/08/30 5:0 a.m.19 views

CVE-2022-25887 Regular Expression Denial of Service (ReDoS)

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

5.3CVSS6.7AI score0.0115EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/08/30 5:0 a.m.3 views

CVE-2022-25887

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular expression replacement logic of HTML comment removal...

7.5CVSS6.8AI score0.0115EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/30 12:0 a.m.6 views

sanitize-html 安全漏洞

sanitize-html is an open source library from Apostrophe Technologies. It cleans up user-submitted HTML, keeping whitelisted elements and whitelisted attributes on a per-element basis. A security vulnerability exists in sanitize-html versions prior to 2.7.1, which stems from an insecure global...

7.5CVSS6.7AI score0.0115EPSS
Exploits0References8
Snyk
Snyk
added 2022/07/21 7:37 a.m.4 views

Regular Expression Denial of Service (ReDoS)

Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS due to insecure global regular...

7.5CVSS6.7AI score0.0115EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2022/07/21 7:37 a.m.5 views

5etools-utils (>=0.15.4 <=0.16.13), 7ghost (>=4.11.0 <=4.11.46) +3630 more potentially affected by CVE-2022-25887 via sanitize-html (>=2.10.0 <=2.7.0)

sanitize-html NPM version =2.10.0, =0.15.4, =4.11.0, =0.1.0, =1.0.0, =0.0.74, =0.0.14, =0.0.1, =0.0.1, =3.0.19, =1.3.0, =2.6.0, =2.0.0, =0.0.1, =0.0.5, =2.5.1 and more Source cves: CVE-2022-25887 Source advisory: SNYK:JS-SANITIZEHTML-2957526...

7.5CVSS6.7AI score0.0115EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2022/01/28 7:32 p.m.30 views

Security Bulletin: Denial of Service vulnerability in sanitize-html affects IBM Business Automation Workflow (CVE-2021-23382)

Summary A denial of service vulnerability in sanitize-html affects IBM Business Automation Workflow Workflow Center. Vulnerability Details CVEID: CVE-2021-23382 DESCRIPTION: Node.js postcss module is vulnerable to a denial of service, caused by a regular expression denial of Service ReDoS flaw in...

7.5CVSS7.2AI score0.02508EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2022/01/13 12:0 a.m.16 views

Debian: Security Advisory (DLA-2878-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS6.6AI score0.01045EPSS
Exploits0References4
Rows per page
Query Builder