202 matches found
Sanitize-html cross-site scripting vulnerability (CNVD-2018-14553)
Sanitize-html is a tool for cleaning up user-submitted HTML. A cross-site scripting vulnerability exists in Sanitize-html 1.2.2 and earlier versions. A remote attacker can inject arbitrary web script or HTML by exploiting this vulnerability...
Sanitize-html Cross-Site Scripting Vulnerability
Sanitize-html is a tool for cleaning up user-submitted HTML. A cross-site scripting vulnerability exists in Sanitize-html 1.11.1 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via nonTextTags...
CVE-2017-16017
sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...
CVE-2017-16016
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...
CVE-2017-16016
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...
CVE-2017-16017
sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...
Cross site scripting
sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...
Cross site scripting
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...
CVE-2017-16017
The CVE-2017-16017 entry concerns the sanitize-html library where versions 1.2.2 and earlier are vulnerable to cross-site scripting (XSS). The root cause is inadequate sanitization allowing attacker-controlled HTML/input to induce XSS, as documented in multiple sources (e.g., OSV GHSA entry and n...
CVE-2017-16016
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...
CVE-2017-16016
CVE-2017-16016 affects the sanitize-html library. Versions ≤ 1.11.1 are vulnerable to cross-site scripting when allowedTags contains at least one nonTextTag. Root cause is improper sanitization in scenarios using nonTextTags, leading to potential XSS. Impact is mitigated by upgrading to 1.11.4 or...
CVE-2017-16017
sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...
CVE-2017-16016
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting XSS in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability...
CVE-2017-16017
sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability...
PT-2018-6046
Name of the Vulnerable Software and Affected Versions: sanitize-html versions 1.11.1 and below Description: The issue concerns a cross-site scripting XSS vulnerability in certain scenarios. When at least one non-text tag is allowed, the result is a potential XSS vulnerability. This occurs when th...
Microsoft Office Outlook Spoofing Vulnerability - Mac OS X
This host is missing an important security update for Microsoft Office 2016 on Mac OS X according to Microsoft security update June 2017 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Cross-site Scripting (XSS)
sanitize-html is vulnerable to cross-site scripting XSS attacks. These attacks are possible through the use of double quotes...
Cross-site Scripting (XSS)
sanitize-html is vulnerable to cross-site scripting XSS attacks. These attacks are possible through nonTextTags...
Cross-Site Scripting
Overview Affected versions of sanitize-html are vulnerable to cross-site scripting. Proof of Concept: produces the following: This is definitely invalid HTML, but would suggest that it's being interpreted incorrectly by the parser. Recommendation Update to version 1.2.3 or later. References - Iss...
Cross-Site Scripting
Overview Affected versions of sanitize-html are vulnerable to cross-site scripting when allowedTags includes at least one nonTextTag. Proof of Concept var sanitizeHtml = require'sanitize-html'; var dirty = '!/textarea!'; var clean = sanitizeHtmldirty, allowedTags: 'textarea' ; console.logclean; /...