Vulmon
noscript noscript vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-16983
NoScript Classic prior to 5.1.8.7, as used in Tor Browser 7.x and other products, allows malicious users to bypass script blocking via the text/html;/json Content-Type value.
Noscript Noscript
Torproject Tor Browser
7.3
CVSSv3
CVE-2020-4054
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or sv...
Sanitize Project Sanitize
6.1
CVSSv3
CVE-2023-51652
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject t...
Spassarop Owasp Antisamy .net
6.1
CVSSv3
CVE-2023-38500
TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization la...
Typo3 Html Sanitizer
6.1
CVSSv3
CVE-2021-23980
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in ...
Mozilla Bleach
6.1
CVSSv3
CVE-2023-23627
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, before 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in X...
Sanitize Project Sanitize
6.1
CVSSv3
CVE-2021-23974
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
Mozilla Firefox
6.1
CVSSv3
CVE-2020-6802
In Mozilla Bleach prior to 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option.
Mozilla Bleach
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
2 Github repositories
6.1
CVSSv3
CVE-2019-12970
XSS exists in SquirrelMail up to and including 1.4.22 and 1.5.x up to and including 1.5.2. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the appli...
Squirrelmail Squirrelmail
1 Github repository
NA
CVE-2011-4457
OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) prior to 88, when JavaScript is disabled, allows user-assisted remote malicious users to obtain potentially sensitive information via a crafted FORM element within a NOSCRIPT element.
Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 48
Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer
Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 74
Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 50
Owasp-java-html-sanitizer Project Owasp-java-html-sanitizer 42