3 matches found
CVE-2005-0649
Pixel-Apes SafeHTML prior to version 1.2.1 is vulnerable to bypassing XSS protection via hexadecimal HTML entities. Affected: SafeHTML component (pre-1.2.1). Root cause: input handling allows bypass of HTML entity encoding to defeat XSS protections. Impact: potential remote XSS. Exploitation deta...
CVE-2005-1638
The vulnerability CVE-2005-1638 affects the SafeHTML library, with the _writeAttrs function failing to properly quote attribute values. This mis-handling can enable cross-site scripting (XSS) in applications that rely on SafeHTML for protection. Affected: SafeHTML prior to 1.3.2. Root cause: insu...
CVE-2005-0648
Pixel-Apes SafeHTML (pre-1.3.0) contains vulnerabilities that allow remote attackers to bypass XSS protections via (1) decimal HTML entities or (2) the null byte \x00 symbol. Affected component is SafeHTML prior to version 1.3.0. Impact is HTML/script injection bypass of protections; no other sys...