5 matches found
CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...
PT-2024-23072 · 10Web +1 · Photo Gallery
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The image upload component is affected by an issue where it allows SVG files, and the regular expression used to remove script tags can be bypassed. Thi...
CVE-2022-1293
The embedded neutralization of Script-Related HTML Tag was bypassed in the case of some extra conditions...
CVE-2020-7691
In all versions of the package jspdf, it is possible to use script in order to go over the filtering regex...
Check Point Software Firewall-1 3.0 Script - Tag Checking Bypass
source: https://www.securityfocus.com/bid/954/info Firewall-1 includes the ability to alter script tags in HTML pages before passing them to the client's browser. This alteration invalidates the tag, rendering the script unexecutable by the browser. In version 3, this function can be bypassed by...