
22 matches found

NVD
added 2026/06/08 8:17 p.m. · 10 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags, e.g., are not recognized by the sanitizer but are accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

CVSS 2.1 · EPSS 0.00282
Exploits: 0 · References: 2
CNNVD
added 2026/06/08 12:00 a.m. · 7 views

HTML Sanitizer cross-site scripting vulnerability

HTML Sanitizer is an HTML security filtering component open-sourced by TYPO3 on GitHub. Versions of HTML Sanitizer prior to 2.3.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from incorrect encoding of namespace attributes during HTML serialization, which...

CVSS 5.1 · AI score 5 · EPSS 0.00366
Exploits: 0 · References: 1
Veracode
added 2026/06/04 8:58 a.m. · 10 views

Cross-site Scripting

TinyMCE is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper SVG namespace scope handling in the sanitizer, where crafted nested SVG elements can bypass attribute sanitization and execute arbitrary JavaScript, resulting in cross-site scripting attacks...

CVSS 8.7 · AI score 5.9 · EPSS 0.00191
Exploits: 0 · References: 1 · Affected software: 2
ATTACKERKB
added 2026/05/28 3:18 p.m. · 11 views

CVE-2026-47760

TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using nested elements can bypass attribute sanitization and execute arbitrary JavaScript. This...

CVSS 8.7 · AI score 6 · EPSS 0.00191
Exploits: 0 · References: 2 · Affected software: 1
Positive Technologies
added 2026/05/28 12:00 a.m. · 18 views

PT-2026-44389

Name of the Vulnerable Software and Affected Versions: TinyMCE versions 6.8.0 through 7.0.x. Description: An XSS (Cross-Site Scripting) issue exists due to improper SVG namespace scope handling within the sanitizer. An attacker can use a crafted payload with nested elements to bypass attribute...

CVSS 8.7 · AI score 6 · EPSS 0.00191
Exploits: 0 · References: 5
ATTACKERKB
added 2026/04/17 8:51 p.m. · 5 views

CVE-2026-40301

DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize allows...

CVSS 4.7 · AI score 5.8 · EPSS 0.00271
Exploits: 0 · References: 4 · Affected software: 1
RedhatCVE
added 2026/03/26 3:07 p.m. · 5 views

CVE-2026-31807

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG blocks dangerous elements...

CVSS 9.3 · AI score 5.8 · EPSS 0.00625
Exploits: 2 · References: 1
OSV
added 2025/11/25 10:10 p.m. · 4 views

GHSA-G9GQ-3PFX-2GW2 OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization

Summary: It is observed that the OWASP Java HTML Sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style tags with allowTextIn inside the style tag. This could lead to XSS if the payload is crafted in such a way that it does not sanitise the CSS and allows tags which are not...

CVSS 8.6 · AI score 6.2 · EPSS 0.00226
Exploits: 1 · References: 7
EUVD
added 2025/10/03 8:07 p.m. · 7 views

EUVD-2022-6830

Malicious code in bioql PyPI...

CVSS 7.3 · AI score 6.8 · EPSS 0.00718
Exploits: 1 · References: 6
NVD
added 2025/08/12 5:15 p.m. · 2 views

CVE-2025-55166

svg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for the lower-case attribute name, which allows the isHrefSafeValue check to be bypassed. As a result, this allows cross-site scripting or linking to external domains. This...

CVSS 5.1 · EPSS 0.00423
Exploits: 0 · References: 2
OSV
added 2025/06/23 9:00 p.m. · 7 views

CVE-2025-52561 HTMLSanitizer.jl Possible XSS

HTMLSanitizer.jl is a whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...

CVSS 6.9 · AI score 6.2 · EPSS 0.00714
Exploits: 0 · References: 5
RedhatCVE
added 2025/05/23 2:29 a.m. · 8 views

CVE-2023-36471

XWiki Commons is the set of common modules used by other XWiki top-level projects. The HTML sanitizer included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishi...

CVSS 9 · AI score 7.4 · EPSS 0.01021
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/21 8:30 p.m. · 7 views

CVE-2002-2034

The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments...

CVSS 7.5 · AI score 8.1 · EPSS 0.02981
Exploits: 0 · References: 1
CNNVD
added 2024/05/06 12:00 a.m. · 2 views

HTML sanitizer security vulnerability

HTML sanitizer is an allowlist-based HTML cleaner by Matthias Kestenholz, an individual developer. A security vulnerability exists in HTML sanitizer, caused by specially crafted HTML that can escape cleaning...

CVSS 6.1 · AI score 6.1 · EPSS 0.00551
Exploits: 0 · References: 5
Positive Technologies
added 2023/01/04 12:00 a.m. · 7 views

PT-2023-18514 · Unknown · Svg-Sanitizer

Name of the Vulnerable Software and Affected Versions: sanitize-svg versions prior to 0.4.0. Description: The sanitize-svg package uses a deny-list pattern to sanitize SVGs and prevent cross-site scripting attacks. However, literal -tags and on-event handlers were detected in versions prior to...

CVSS 7.6 · AI score 6 · EPSS 0.00571
Exploits: 1 · References: 7
Vulnrichment
added 2022/09/26 5:05 a.m. · 4 views

CVE-2022-21169 Prototype Pollution

The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing an attacker to bypass XSS sanitization...

CVSS 7.3 · AI score 7.1 · EPSS 0.00718
Exploits: 1 · References: 4
CNNVD
added 2022/09/26 12:00 a.m. · 17 views

Express XSS Sanitizer security vulnerability

Express XSS Sanitizer is a personal project by AhmedAdelFahim that cleans user input in req.body, req.query, req.headers and req.params to prevent cross-site scripting (XSS) attacks. A prototype pollution vulnerability exists in Express XSS Sanitizer versions prior to 1.1.3, which stems...

CVSS 7.3 · AI score 5.5 · EPSS 0.00718
Exploits: 1 · References: 6
Positive Technologies
added 2022/04/05 12:00 a.m. · 4 views

PT-2022-4877

Name of the Vulnerable Software and Affected Versions: Rails::Html::Sanitizer versions prior to 1.4.3. Description: The issue is related to the incorrect use of select and style elements when overriding allowed tags in the HTML sanitizer for Rails applications. This can allow a remote attacker to...

CVSS 7.5 · AI score 6.3 · EPSS 0.2914
Exploits: 5 · References: 337
vulnersOsv
added 2021/06/16 5:34 p.m. · 4 views

com.github.promregator:promregator (>=0.6.3 <=0.9.0-rc1), com.lancethomps:lava (>=1.0.0 <=1.12.0) +160 more potentially affected by CVE-2021-23899 via com.mikesamuel:json-sanitizer (>=1.2.0 <=1.2.1)

com.mikesamuel:json-sanitizer (Maven), versions =1.2.0, =0.6.3, =1.0.0, =1.0.0, =1.1.0, =1.1.0, =1.8.1, =1.0.0, =1.0.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.0 and more. Source CVEs: CVE-2021-23899. Source advisory: OSV:GHSA-MM8J-9X84-M9CV...

CVSS 9.8 · AI score 7.2 · EPSS 0.02068
Exploits: 0
OSV
added 2020/06/16 10:15 p.m. · 5 views

UBUNTU-CVE-2020-4054

In the Sanitize RubyGem, versions greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized...

CVSS 7.3 · AI score 7 · EPSS 0.01853
Exploits: 0 · References: 6