Lucene search
K

49 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

6.1CVSS7.4AI score0.00263EPSS
Exploits1References7
OSV
OSV
added 2026/02/13 5:45 p.m.4 views

CLSA-2026-1771004705 Fix CVE(s): CVE-2025-68168, CVE-2025-69204

SECURITY UPDATE: stack overflow via deeply nested MSL/SVG elements - debian/patches/CVE-2025-68168.patch: add recursion depth checking in MSLStartElement and SVGStartElement to prevent stack exhaustion - CVE-2025-68168 SECURITY UPDATE: integer overflow in SVG PathPrimitive processing -...

7.5CVSS5.9AI score0.00524EPSS
Exploits1References1
OSV
OSV
added 2025/10/14 4:37 a.m.4 views

JLSEC-2025-39 Possible XSS in HTMLSanitizer when using svg elements

Description When adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This behavior is similar to the sanitization bypass described in CVE-2020-40...

6.9CVSS6.6AI score0.00714EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-7663

Malware in sbrugna...

6.1CVSS7.8AI score0.01594EPSS
Exploits0References26
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2011-3003

Malware in sbrugna...

6.8CVSS9.3AI score0.01712EPSS
Exploits1References19
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-1845

Malware in sbrugna...

9.3CVSS6.1AI score0.02253EPSS
Exploits1References9
CVE
CVE
added 2025/06/04 4:32 p.m.182 views

CVE-2025-2336

CVE-2025-2336 concerns AngularJS ngSanitize: an improper sanitization flaw allows bypassing image source restrictions via the href and xlink:href attributes in SVG elements. The root cause is inadequate sanitization, which can lead to Content Spoofing and potentially degrade application performa...

4.8CVSS6.7AI score0.00354EPSS
Exploits0References4
Veracode
Veracode
added 2025/05/09 3:53 a.m.11 views

Content Spoofing

AngularJS is vulnerable to Content Spoofing. The vulnerability is due to improper sanitization of the 'href' and 'xlink:href' attributes in SVG elements, which allows attackers to bypass image source restrictions...

4.8CVSS6.6AI score0.00375EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2025/04/29 4:26 p.m.91 views

CVE-2025-0716

CVE-2025-0716 is a vulnerability in AngularJS where improper sanitization of the href and xlink:href attributes in SVG elements can bypass image-source restrictions and enable Content Spoofing, potentially affecting performance due to large or slow-loading images. Affects all versions of Angular...

4.8CVSS5AI score0.00375EPSS
Exploits0References3
Information Security Automation
Information Security Automation
added 2024/10/15 12:21 p.m.29 views

About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability

About Cross Site Scripting - Roundcube Webmail CVE-2024-37383 vulnerability. Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird. The vulnerability is caused by an error in the processing of SVG elements in th...

6.1CVSS6.7AI score0.73445EPSS
Exploits7
Amazon
Amazon
added 2020/12/09 12:0 a.m.53 views

Critical: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developer reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been...

9.8CVSS8.9AI score0.42597EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2020/10/05 12:0 a.m.30 views

Oracle Linux 8 : thunderbird (ELSA-2020-4155)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4155 advisory. 78.3.1-1.0.1 - Update to 68.12.0 build1 78.3.1-1 - Update to 78.3.1 build1 78.3.0-3 - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot...

8.8CVSS7.8AI score0.01961EPSS
Exploits0References5
OSV
OSV
added 2020/10/01 7:15 p.m.7 views

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

6.1CVSS8AI score
Exploits0References9
RedhatCVE
RedhatCVE
added 2020/09/22 8:48 p.m.35 views

CVE-2020-15676

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1CVSS1.2AI score0.01594EPSS
Exploits0References4
OSV
OSV
added 2020/07/07 11:45 a.m.7 views

SUSE-SU-2020:0629-1 Security update for librsvg

This update for librsvg to version 2.42.8 fixes the following issues: librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numbe...

6.5CVSS6.4AI score0.02125EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/03/16 12:0 a.m.32 views

openSUSE Security Update : librsvg (openSUSE-2020-343)

This update for librsvg to version 2.42.8 fixes the following issues : librsvg was updated to version 2.42.8 fixing the following issues: - CVE-2019-20446: Fixed an issue where a crafted SVG file with nested patterns can cause denial of service bsc1162501. NOTE: Librsvg now has limits on the numb...

6.5CVSS6.8AI score0.02125EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/10/22 12:0 a.m.4 views

PT-2019-5086

Name of the Vulnerable Software and Affected Versions Loofah gem for Ruby versions through 2.3.0 Description The issue is related to the Loofah gem for Ruby, where unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This could potentially allow a remote...

7.5CVSS6.5AI score0.01984EPSS
Exploits0References45
Tenable Nessus
Tenable Nessus
added 2019/01/10 12:0 a.m.39 views

Debian DSA-4364-1 : ruby-loofah - security update

It was discovered that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, performed insufficient sanitising of SVG elements. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

5.4CVSS6.2AI score0.0091EPSS
Exploits0References4
Prion
Prion
added 2018/06/11 9:29 p.m.14 views

Buffer overflow

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

7.5CVSS9.2AI score0.04187EPSS
Exploits1References11Affected Software10
Debian CVE
Debian CVE
added 2018/06/11 9:0 p.m.22 views

CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

9.8CVSS10AI score0.04187EPSS
Exploits1
Rows per page
Query Builder