Lucene search
Veracode Vulnerability DatabaseVERACODE:32650HistoryOct 19, 2021 - 4:35 a.m.
Cross-site Scripting (XSS)
2021-10-1904:35:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.003 Low
EPSS
Percentile
71.7%
bluemonday sanitizer is vulnerable to cross-site scripting. The vulnerability exists due to a lack of proper enforcement of policies which allows an attacker to inject maliciously crafted code via the SELECT, STYLE, and OPTION tag.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/microcosm-cc/bluemonday | le | v1.10.15 | |
| pybluemonday | le | 0.0.7 | |
| github.com/microcosm-cc/bluemonday | le | v1.10.15 | |
| pybluemonday | le | 0.0.7 |
Related
ubuntucve
ubuntucve
CVE-2021-42576
2021-10-18 00:00:00
cve
cve
CVE-2021-42576
2021-10-18 15:15:07
nvd
nvd
CVE-2021-42576
2021-10-18 15:15:07
debiancve
debiancve
CVE-2021-42576
2021-10-18 15:15:07
osv
osv
CVE-2021-42576
2021-10-18 15:15:07
PYSEC-2021-849
2021-10-18 15:15:00
Policies not properly enforced in bluemonday
2021-10-19 20:15:30
cvelist
cvelist
CVE-2021-42576
2021-10-18 14:36:43
github
github
Policies not properly enforced in bluemonday
2021-10-19 20:15:30
prion
prion
Design/Logic Flaw
2021-10-18 15:15:00