14 matches found
PT-2025-51991
Name of the Vulnerable Software and Affected Versions Roundcube versions prior to 1.5.12 Roundcube versions prior to 1.6.12 Description Roundcube Webmail contains a Cross-Site Scripting XSS issue stemming from the use of the animate tag within SVG documents. This allows attackers to execute...
EUVD-2023-31750
Malicious code in bioql PyPI...
DEBIAN-CVE-2024-52595
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as , and . This behavior deviates from how web browsers parse and interpret such tags...
CVE-2023-28025
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
Cross site scripting
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
CVE-2023-28025
CVE-2023-28025 affects HCL Technologies BigFix Mobile / Modern Client Management (including v3.1 and prior per multiple sources). The issue is a stored XSS via the ability to inject an SVG tag into HTML, resulting in an alert cookie pop-up. Root cause is improper input handling that allows SVG ma...
CVE-2023-28025 An HTML injection vulnerability can affect HCL BigFix Mobile / Modern Client Management
Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. To mitigate stored XSS vulnerabilities, a preventive measure involves thoroughly sanitizing and validating all user inputs before they are processed a...
PT-2023-21490 · Hcl +1 · Hcl Bigfix Mobile / Modern Client Management +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows a Master operator to potentially incorporate an SVG tag into HTML, leading to an alert pop-up that displays a cookie. This is related t...
Cross Site Scripting
HtmlSanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization whensvg and math html tags are in the list of allowed elements. An attacker can exploit this vulnerability by injection malicious JavaScript using svg and math html tags...
CVE-2022-34473
The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2023-59953)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a cross-site scripting vulnerability that stems from a lack of filtering and escaping in the SVG tag. An attacker can exploit the vulnerability to execute JavaScript code o...
python-bleach: Mutation cross-site scripting in bleach.clean
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument stripcomments=False Note: none of the above tags are in the default allowe...
PYSEC-2021-865
In Mozilla Bleach before 3.3.0, a mutation XSS affects users calling bleach.clean with math or svg; p or br; and style, title, noscript, script, textarea, noframes, iframe, or xmp tags with stripcomments=False...
UBUNTU-CVE-2020-6816
In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCDATA and either svg or math tags are whitelisted and the keyword argument strip=False...