Lucene search
K

12 matches found

Github Security Blog
Github Security Blog
added 2026/05/27 8:13 p.m.14 views

Symfony has an HtmlSanitizer allowLinkHosts() / allowMediaHosts() Bypass via URL-Parser Differentials and <area> Misclassification

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. The configuration methods allowLinkHosts... and allowLinkSchemes... are intended to restrict targets to an allowlist of hosts/schemes; allowMediaHosts / allowMediaSchemes do the same for etc. Three distinct bypasses all...

5.8AI score0.00048EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44135

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. The configuration methods allowLinkHosts... and allowLinkSchemes... are intended to restrict targets to an allowlist of hosts/schemes; allowMediaHosts / allowMediaSchemes do the same for etc. Three distinct bypasses all...

5.8AI score0.00048EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.2 views

SUSE CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension...

6.5CVSS6.9AI score0.01014EPSS
Exploits0References7
Veracode
Veracode
added 2020/12/06 3:6 a.m.20 views

Authorization Bypass

chromium is vulnerable to authorization bypass. A missing case for handling special schemes in permission request checks in Extensions allows an attacker to install a malicious extension on a victim's host to bypass extension permission checks for privileged pages via a malicious Chrome Extension...

6.5CVSS3.8AI score0.01014EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2019/02/19 5:29 p.m.2 views

DEBIAN-CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension...

6.5CVSS8.5AI score0.01014EPSS
Exploits0References1
Prion
Prion
added 2019/02/19 5:29 p.m.13 views

Design/Logic Flaw

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension...

4.3CVSS6.8AI score0.01014EPSS
Exploits0References7Affected Software6
OSV
OSV
added 2019/02/19 5:29 p.m.3 views

UBUNTU-CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension...

6.5CVSS7.3AI score0.01014EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/02/19 5:0 p.m.20 views

CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension...

6.1AI score0.01014EPSS
Exploits0References7
CVE
CVE
added 2019/02/19 5:0 p.m.263 views

CVE-2019-5778

CVE-2019-5778 affects Google Chrome/Chromium extensions. The available description states a missing case in handling special schemes during permission request checks in Extensions, allowing bypass of extension permission checks for privileged pages via a crafted Chrome Extension (pre 72.0.3626.81...

6.5CVSS5.9AI score0.01014EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2019/02/19 5:0 p.m.21 views

CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension...

6.5CVSS7.4AI score0.01014EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2019/02/12 2:46 a.m.4 views

chromium-browser: Insufficient policy enforcement in Extensions

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension...

6.5CVSS7.3AI score0.01014EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2019/01/30 10:21 a.m.16 views

CVE-2019-5778

A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension...

6.5CVSS3.8AI score0.01014EPSS
Exploits0References4
Rows per page
Query Builder