Lucene search
K

41 matches found

Github Security Blog
Github Security Blog
added 2026/04/21 8:39 p.m.12 views

Astro: XSS in define:vars via incomplete </script> tag sanitization

Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...

6.1CVSS6AI score0.00189EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.5 views

PT-2026-34233

Summary The defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing , allowing ...

6.1CVSS6AI score0.00189EPSS
Exploits1References5
OSV
OSV
added 2026/01/30 2:7 p.m.4 views

CLEANSTART-2026-PY85990 tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing

Security vulnerability affects the prometheus package. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...

9.8CVSS8.2AI score0.0045EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/10 1:54 p.m.7 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak and may result in tags incorrectly marked as self-closing (CVE-2025-22872).

Summary A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak and may result in tags incorrectly marked as self-closing. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the...

6.5CVSS7.2AI score0.0045EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/09/09 3:15 p.m.4 views

Security Bulletin: Incorrect Handling of Unquoted Attributes Ending with Slash in Tokenizer Causes Misparsed Self-Closing Tags in Foreign Content affects watsonx.data

Summary The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in conten...

6.5CVSS6.8AI score0.0045EPSS
Exploits0Affected Software1
Amazon
Amazon
added 2025/06/02 12:0 a.m.11 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1CVSS7.6AI score0.00682EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2025/04/18 1:23 a.m.3 views

SUSE CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.9AI score0.0045EPSS
Exploits0References48
NVD
NVD
added 2025/04/16 6:16 p.m.7 views

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS0.0045EPSS
Exploits0References5
OSV
OSV
added 2025/04/16 6:16 p.m.3 views

AZL-60479 CVE-2025-22872 affecting package influxdb for versions less than 2.7.5-5

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.4 views

AZL-60459 CVE-2025-22872 affecting package cri-tools for versions less than 1.32.0-2

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.5 views

AZL-60467 CVE-2025-22872 affecting package docker-buildx for versions less than 0.14.0-6

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.3 views

AZL-60542 CVE-2025-22872 affecting package gh for versions less than 2.62.0-8

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.5 views

AZL-61762 CVE-2025-22872 affecting package podman for versions less than 5.6.1-2

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.4 views

AZL-60604 CVE-2025-22872 affecting package packer for versions less than 1.9.5-13

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.4 views

AZL-60528 CVE-2025-22872 affecting package cert-manager for versions less than 1.12.15-4

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.3 views

AZL-60573 CVE-2025-22872 affecting package kube-vip-cloud-provider for versions less than 0.0.10-4

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.3 views

AZL-60534 CVE-2025-22872 affecting package kubernetes for versions less than 1.30.10-7

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.4 views

AZL-60474 CVE-2025-22872 affecting package multus for versions less than 4.0.2-5

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.6 views

AZL-61812 CVE-2025-22872 affecting package cri-o 1.30.1-1

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.6AI score0.0045EPSS
Exploits0References1
OSV
OSV
added 2025/04/16 6:16 p.m.1 views

DEBIAN-CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS7.1AI score0.0045EPSS
Exploits0References1
Rows per page
Query Builder