Lucene search
K

202 matches found

CNVD
CNVD
added 2018/06/15 12:0 a.m.2 views

Sanitize-html cross-site scripting vulnerability (CNVD-2018-14553)

Sanitize-html is a tool for cleaning up user-submitted HTML. A cross-site scripting vulnerability exists in Sanitize-html 1.2.2 and earlier versions. A remote attacker can inject arbitrary web script or HTML by exploiting this vulnerability...

6.1CVSS5.8AI score0.01185EPSS
Exploits1References1
CNVD
CNVD
added 2018/06/15 12:0 a.m.5 views

Sanitize-html Cross-Site Scripting Vulnerability

Sanitize-html is a tool for cleaning up user-submitted HTML. A cross-site scripting vulnerability exists in Sanitize-html 1.11.1 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via nonTextTags...

6.1CVSS5.7AI score0.01357EPSS
Exploits1References1
NVD
NVD
added 2018/06/04 7:29 p.m.22 views

CVE-2017-16017

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...

6.1CVSS6.2AI score0.01185EPSS
Exploits1References3
OSV
OSV
added 2018/06/04 7:29 p.m.12 views

CVE-2017-16016

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...

6.1CVSS6AI score
Exploits0References3
NVD
NVD
added 2018/06/04 7:29 p.m.18 views

CVE-2017-16016

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...

6.1CVSS5.9AI score0.01357EPSS
Exploits1References3
OSV
OSV
added 2018/06/04 7:29 p.m.3 views

CVE-2017-16017

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...

6.1CVSS5.3AI score0.01185EPSS
Exploits1References3
Prion
Prion
added 2018/06/04 7:29 p.m.11 views

Cross site scripting

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...

4.3CVSS6.1AI score0.01185EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2018/06/04 7:29 p.m.9 views

Cross site scripting

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...

4.3CVSS5.8AI score0.01357EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/06/04 7:0 p.m.50 views

CVE-2017-16017

The CVE-2017-16017 entry concerns the sanitize-html library where versions 1.2.2 and earlier are vulnerable to cross-site scripting (XSS). The root cause is inadequate sanitization allowing attacker-controlled HTML/input to induce XSS, as documented in multiple sources (e.g., OSV GHSA entry and n...

6.1CVSS6.1AI score0.01185EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.20 views

CVE-2017-16016

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...

5.9AI score0.01357EPSS
Exploits1References3
CVE
CVE
added 2018/06/04 7:0 p.m.52 views

CVE-2017-16016

CVE-2017-16016 affects the sanitize-html library. Versions ≤ 1.11.1 are vulnerable to cross-site scripting when allowedTags contains at least one nonTextTag. Root cause is improper sanitization in scenarios using nonTextTags, leading to potential XSS. Impact is mitigated by upgrading to 1.11.4 or...

6.1CVSS5.8AI score0.01357EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.23 views

CVE-2017-16017

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...

6.1AI score0.01185EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2018/06/04 7:0 p.m.47 views

CVE-2017-16016

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...

6.1CVSS6AI score0.01357EPSS
Exploits1
Debian CVE
Debian CVE
added 2018/06/04 7:0 p.m.28 views

CVE-2017-16017

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...

6.1CVSS6.2AI score0.01185EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2018/06/04 12:0 a.m.6 views

PT-2018-6046

Name of the Vulnerable Software and Affected Versions: sanitize-html versions 1.11.1 and below Description: The issue concerns a cross-site scripting XSS vulnerability in certain scenarios. When at least one non-text tag is allowed, the result is a potential XSS vulnerability. This occurs when th...

6.1CVSS5.6AI score0.01357EPSS
Exploits1References11
OpenVAS
OpenVAS
added 2017/06/21 12:0 a.m.30 views

Microsoft Office Outlook Spoofing Vulnerability - Mac OS X

This host is missing an important security update for Microsoft Office 2016 on Mac OS X according to Microsoft security update June 2017 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

6.5CVSS6.9AI score0.0499EPSS
Exploits0References3
Veracode
Veracode
added 2017/04/17 1:49 a.m.9 views

Cross-site Scripting (XSS)

sanitize-html is vulnerable to cross-site scripting XSS attacks. These attacks are possible through the use of double quotes...

6.1CVSS5.7AI score0.01185EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2017/04/12 5:37 a.m.16 views

Cross-site Scripting (XSS)

sanitize-html is vulnerable to cross-site scripting XSS attacks. These attacks are possible through nonTextTags...

6.1CVSS5.7AI score0.01357EPSS
Exploits1References3Affected Software1
Node.js
Node.js
added 2016/10/27 4:37 p.m.35 views

Cross-Site Scripting

Overview Affected versions of sanitize-html are vulnerable to cross-site scripting. Proof of Concept: produces the following: This is definitely invalid HTML, but would suggest that it's being interpreted incorrectly by the parser. Recommendation Update to version 1.2.3 or later. References - Iss...

4.3CVSS2.3AI score0.01185EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2016/10/27 4:25 p.m.47 views

Cross-Site Scripting

Overview Affected versions of sanitize-html are vulnerable to cross-site scripting when allowedTags includes at least one nonTextTag. Proof of Concept var sanitizeHtml = require'sanitize-html'; var dirty = '!/textarea!'; var clean = sanitizeHtmldirty, allowedTags: 'textarea' ; console.logclean; /...

4.3CVSS2.8AI score0.01357EPSS
Exploits1Affected Software1
Rows per page
Query Builder