EUVD-2025-13952
Malicious code in bioql PyPI...
[BSA-124] Security Update for python-django
Colin Watson uploaded new packages for python-django which fixed the following security problems: CVE-2025-32873...
Denial Of Service (DoS)
Django is vulnerable to Denial of Service (DoS). The vulnerability is due to inefficient HTML parsing: the strip_tags function performs slowly when processing large sequences of incomplete HTML tags, which also affects the striptags template filter...
MGASA-2025-0153 Updated python-django packages fix security vulnerability
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial of service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...
CVE-2025-32873
An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags function is vulnerable to a potential denial of service (slow performance) when processing inputs containing large sequences of incomplete HTML tags. The template filter...
PYSEC-2024-156
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags function and the striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...
CVE-2024-53907
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags function and the striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...
SUSE CVE-2009-4214
Cross-site scripting (XSS) vulnerability in the strip_tags function in Ruby on Rails before 2.2.s, and 2.3.x before 2.3.5, allows remote attackers to inject arbitrary web script or HTML via vectors involving non-printing ASCII characters, related to HTML::Tokenizer and...
Cross site scripting
Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function striptags...
CVE-2022-28920
Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function striptags...
Fedora 10 : rubygem-actionpack-2.1.1-5.fc10 (2009-12966)
Two security issues were found in actionpack as shipped with Fedora 10. One is a weakness in the strip_tags function in Ruby on Rails (bug 542786, CVE-2009-4214). The other is a possibility to circumvent the protection against cross-site request forgery (CSRF) attacks (bug 544329). This new rp...
ls-exec.txt
Special Greetings To - Timq, Warpboy, The-Maggot. File: index.php. Affects: LS simple guestbook v1. Date: 15th April 2007. Issue Description: LS simple guestbook fails to sanitize user input that it writes to the posts.txt file...
GLSA-200407-13 : PHP: Multiple security vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200407-13 (PHP: Multiple security vulnerabilities). Several security vulnerabilities were found and fixed in version 4.3.8 of PHP. The strip_tags function, used to sanitize user input, could in certain cases allow tags containing \0...
[SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
Debian Security Advisory DSA 531-1, [email protected], http://www.debian.org/security/, Matt Zimmerman, July 20th, 2004, http://www.debian.org/security/faq ...
PHP
New PHP packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix security issues in memory_limit handling and a problem in the strip_tags function. Sites using PHP should upgrade. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
Important: Red Hat Security Advisory: php security update
Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when the memory_limit configuration setting is enabled in versions of PHP 4 before 4.3.8. If a remote attacker...
php -- strip_tags cross-site scripting vulnerability
Stefan Esser of e-matters discovered that PHP's strip_tags function would ignore certain characters during parsing of tags, allowing these tags to pass through. Some browsers could then parse these tags, possibly allowing cross-site scripting attacks...