Lucene search
K

14 matches found

Positive Technologies
Positive Technologies
added 2025/12/13 12:0 a.m.6 views

PT-2025-51991

Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.5.12 Roundcube versions prior to 1.6.12 Description Roundcube Webmail contains a Cross-Site Scripting XSS issue stemming from the use of the animate tag within SVG documents. This allows attackers to execute...

7.2CVSS5.7AI score0.19769EPSS
Exploits1References90
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-31750

Malicious code in bioql PyPI...

6.6CVSS5.4AI score0.00313EPSS
Exploits0References1
OSV
OSV
added 2024/11/19 10:15 p.m.4 views

DEBIAN-CVE-2024-52595

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...

6.1CVSS5.2AI score0.00472EPSS
Exploits0References1
NVD
NVD
added 2023/12/21 1:15 a.m.30 views

CVE-2023-28025

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...

6.6CVSS0.00313EPSS
Exploits0References1
Prion
Prion
added 2023/12/21 1:15 a.m.17 views

Cross site scripting

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...

4.3CVSS6AI score0.00313EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/21 12:32 a.m.56 views

CVE-2023-28025

CVE-2023-28025 affects HCL Technologies BigFix Mobile / Modern Client Management (including v3.1 and prior per multiple sources). The issue is a stored XSS via the ability to inject an SVG tag into HTML, resulting in an alert cookie pop-up. Root cause is improper input handling that allows SVG ma...

6.6CVSS5.1AI score0.00313EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/21 12:32 a.m.26 views

CVE-2023-28025 An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...

6.6CVSS6.3AI score0.00313EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/20 12:0 a.m.5 views

PT-2023-21490 · Hcl +1 · Hcl Bigfix Mobile / Modern Client Management +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows a Master operator to potentially incorporate an SVG tag into HTML, leading to an alert pop-up that displays a cookie. This is related t...

6.6CVSS4.9AI score0.00313EPSS
Exploits0References3
Veracode
Veracode
added 2023/10/06 6:35 a.m.24 views

Cross Site Scripting

HtmlSanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization whensvg and math html tags are in the list of allowed elements. An attacker can exploit this vulnerability by injection malicious JavaScript using svg and math html tags...

6.1CVSS7.1AI score0.00363EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/12/22 12:0 a.m.16 views

CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

7.2AI score0.00364EPSS
Exploits0References2
CNVD
CNVD
added 2022/06/30 12:0 a.m.9 views

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-59953)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping in the SVG tag. An attacker can exploit the vulnerability to execute JavaScript code o...

6.1CVSS6AI score0.00395EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2021/03/09 4:10 p.m.30 views

python-bleach: Mutation cross-site scripting in bleach.clean

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...

6.1CVSS5.8AI score0.00483EPSS
Exploits1References5
PyPA
PyPA
added 2021/02/02 5:58 p.m.6 views

PYSEC-2021-865

In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with stripcomments=False...

6.1CVSS6.3AI score0.00483EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2020/03/24 10:15 p.m.7 views

UBUNTU-CVE-2020-6816

In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...

6.1CVSS6.9AI score0.01301EPSS
Exploits1References6
Rows per page
Query Builder