Lucene search
K

9 matches found

CVE
CVE
added 2026/06/08 7:3 p.m.30 views

CVE-2026-47344

TYPO3 HTML Sanitizer (typo3/html-sanitizer) vulnerability CVE-2026-47344 affects versions before 2.3.2. When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., ) are not recognized by the sanitizer but browsers accept them as valid end tags, allowing subsequent content to ...

2.1CVSS5.2AI score0.00282EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.25 views

PT-2026-42220

Name of the Vulnerable Software and Affected Versions CryptPad versions prior to 2026.2.0 Description The HTML sanitizer in Diffmarked.js contains a flaw where it fails to properly filter attributes on restricted tags. While the sanitizer validates the src attribute for , , and elements, it does...

6.1CVSS5.9AI score0.00242EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/16 11:14 p.m.5 views

CVE-2026-40922

SiYuan is an open-source personal knowledge management system. In versions 3.6.1 through 3.6.3, a prior fix for XSS in bazaar README rendering incomplete fix for CVE-2026-33066 enabled the Lute HTML sanitizer, but the sanitizer does not block iframe tags, and its URL-prefix blocklist does not...

9CVSS6.9AI score0.00584EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2026/04/10 9:8 p.m.4 views

GHSA-93VF-569F-22CQ rhukster/dom-sanitizer: SVG <style> tag allows CSS injection via unfiltered url() and @import directives

Summary DOMSanitizer::sanitize allows elements in SVG content but never inspects their text content. CSS url references and @import rules pass through unfiltered, causing the browser to issue HTTP requests to attacker-controlled hosts when the sanitized SVG is rendered. Details In...

4.7CVSS6AI score0.00271EPSS
Exploits0References5
Debian
Debian
added 2026/03/30 3:9 p.m.6 views

[SECURITY] [DLA 4517-1] roundcube security update

Debian LTS Advisory DLA-4517-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 30, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u8 CVE ID : not yet available Debian Bug : 1131182 1132268 Multiple vulnerabilities were...

5.9AI score
Exploits0
CVE
CVE
added 2025/08/12 4:25 p.m.21 views

CVE-2025-55166

The CVE-2025-55166 issue affects the PHP SVG sanitizer project svg-sanitizer. Before version 0.22.0, the cleanXlinkHrefs function only searches for lower-case attribute names, allowing bypass of the isHrefSafeValue check and enabling cross-site scripting or linking to external domains. A fix is a...

5.1CVSS6.5AI score0.00454EPSS
Exploits0References2
OSV
OSV
added 2021/03/21 5:15 a.m.6 views

AZL-6808 CVE-2021-28957 affecting package python-lxml for versions less than 4.8.0-1

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safeattrsonly and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

6.1CVSS6.8AI score0.04002EPSS
Exploits1References1
OSV
OSV
added 2020/01/08 10:15 p.m.7 views

CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

6.1CVSS8.2AI score
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2014/03/31 12:0 a.m.47 views

Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities

The remote Debian host is missing a security update. It is, therefore, affected by multiple vulnerabilities in MediaWiki : - A cross-site scripting XSS vulnerability exists due to a failure to validate input before returning it to the user. An unauthenticated, remote attacker can exploit this, vi...

7.5CVSS8.7AI score0.42777EPSS
Exploits13References29
Rows per page
Query Builder