3 matches found
Regular Expression Denial Of Service (ReDoS)
Mako is vulnerable to regular expression denial of service. The vulnerability exists due to the insecure regex pattern used for the match attribute in the matchtagstart function of lexer.py, allowing an attacker to crash the application by providing a large number of tag quotes within its quoted...
CVE-2017-11617
Cross-site scripting XSS vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes...
CVE-2017-9332
The smartyself function in modules/modulesmarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag...