61 matches found
Astra Linux - vulnerability in golang-1.19
Templates that contain actions within unquoted HTML attributes (e.g., "attr={{.}}") and are executed with an empty input can result in unexpected outputs when parsed due to HTML normalization rules. This may allow for the injection of arbitrary attributes into tags...
CVE-2026-42612 Grav: Publisher-Level Stored XSS via Unquoted Event Attributes
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attribute...
GHSA-9695-8FR9-HW5Q Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes
Summary: A stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows publisher-level accounts to execute arbitrary JavaScript. The issue arises from a blacklist bypass in the detectXss function when handling unquoted HTML event attributes. Details: The detectXss function relies on a...
PT-2026-29670
Summary: The sanitization pipeline for FAQ content is: 1. Filter::filterVar($input, FILTER_SANITIZE_SPECIAL_CHARS) — encodes <, >, ", ', & to HTML entities 2. html_entity_decode($input, ENT_QUOTES | ENT_HTML5) — decodes entities back to characters 3. Filter::removeAttributes($input) — removes dangerous HTML...
CLEANSTART-2026-PY85990 tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing
Security vulnerability affects the prometheus package. The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing...
Security Bulletin: Incorrect Handling of Unquoted Attributes Ending with Slash in Tokenizer Causes Misparsed Self-Closing Tags in Foreign Content affects watsonx.data
Summary: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in conten...
Linux Distros Unpatched Vulnerability : CVE-2025-22872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, thi...
SUSE-SU-2025:02383-2 Security update for kubernetes1.26
This update for kubernetes1.26 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
SUSE-SU-2025:01940-2 Security update for kubernetes1.23
This update for kubernetes1.23 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
SUSE-SU-2025:02350-1 Security update for kubernetes1.28
This update for kubernetes1.28 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
Security update for kubernetes1.24
This update for kubernetes1.24 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Security update for kubernetes1.25
This update for kubernetes1.25 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
SUSE-SU-2025:02351-1 Security update for kubernetes1.25
This update for kubernetes1.25 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
SUSE-SU-2025:02336-1 Security update for kubernetes1.27
This update for kubernetes1.27 fixes the following issues: - CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865...
Security update for kubernetes1.23
This update for kubernetes1.23 fixes the following issues: CVE-2025-22872: Properly handle trailing solidus in unquoted attribute value in foreign content bsc1241865. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...
Medium: ecs-init
Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...
SUSE CVE-2025-22872
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60537 CVE-2025-22872 affecting package kubevirt for versions less than 1.2.0-17
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
DEBIAN-CVE-2025-22872
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
AZL-60588 CVE-2025-22872 affecting package telegraf for versions less than 1.29.4-16
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...