4 matches found

Github Security Blog
added 2026/02/03 7:22 p.m., 8 views

HtmlSanitizer has a bypass via template tag

Impact: If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

CVSS 6.3, AI score 5.4, EPSS 0.00017
Exploits: 0, References: 8, Affected Software: 1
Tenable Nessus
added 2025/08/28 12:0 a.m., 1 views

ImageMagick < 6.9.13-27 / 7.0 < 7.1.2-1 Multiple Vulnerabilities (GHSA-qp29-wxp5-wh82 / GHSA-6hgw-6x87-578x)

The remote host has a version of ImageMagick installed that is prior to 6.9.13-27, 7.0 prior to 7.1.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in GHSA-qp29-wxp5-wh82 / GHSA-6hgw-6x87-578x advisory. - ImageMagick is free and open-source software used for editing and...

CVSS 8.8, AI score 8.2, EPSS 0.00089
Exploits: 2, References: 5
RedhatCVE
added 2025/05/23 8:55 a.m., 2 views

CVE-2024-35218

Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored cross-site scripting (XSS) enables attackers that have access to the backoffice to bring malicious content into a website or application. This vulnerability has been patched in versions 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementi...

CVSS 4.8, AI score 6.1, EPSS 0.00705
Exploits: 0, References: 1
OSV
added 2021/03/21 5:15 a.m., 1 views

PYSEC-2021-19

An XSS vulnerability was discovered in python-lxml's clean module versions before 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this flaw to run...

CVSS 6.1, AI score 6.9, EPSS 0.00518
Exploits: 1, References: 6