Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html sanitizer vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-10062
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote malicious users to conduct XSS attacks via (for example) J...
Bluespire Aurelia Framework
NA
CVE-2022-34473
The HTML Sanitizer should have sanitized the <code>href</code> attribute of SVG <code><use></code> tags; however it incorrectly did not sanitize <code>xlink:href</code> attributes. This vulnerability affects Firefox < 102.
Mozilla Firefox
NA
CVE-2023-31126
`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does...
Xwiki Xwiki
NA
CVE-2022-34475
SVG <code><use></code> tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the malicious user to reference a same-origin JavaScript file ...
Mozilla Firefox
NA
CVE-2023-23627
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, before 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in X...
Sanitize Project Sanitize
NA
CVE-2023-36823
Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed"...
Sanitize Project Sanitize
Debian Debian Linux 10.0
4.3
CVSSv2
CVE-2016-4026
An issue exists in Open-Xchange OX App Suite prior to 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output a unsanitized representation of the content. Malicious scri...
Open-xchange Open-xchange Appsuite
4.3
CVSSv2
CVE-2007-0857
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin prior to 1.5.7 allow remote malicious users to inject arbitrary web script or HTML via (1) the page info, or the page name in a (2) AttachFile, (3) RenamePage, or (4) LocalSiteMap action.
Moinmoin Moinmoin 1.5.1
Moinmoin Moinmoin 1.5.2
Moinmoin Moinmoin 1.5.5a
Moinmoin Moinmoin
Moinmoin Moinmoin 1.5.3 Rc2
Moinmoin Moinmoin 1.5.4
Moinmoin Moinmoin 1.5.0
Moinmoin Moinmoin 1.5.5
Moinmoin Moinmoin 1.5.5 Rc1
Moinmoin Moinmoin 1.5.3
Moinmoin Moinmoin 1.5.3 Rc1
NA
CVE-2023-36471
Xwiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can b...
Xwiki Commons
Xwiki Commons 15.0
Xwiki Commons 15.1
4.3
CVSSv2
CVE-2021-28957
An XSS vulnerability exists in python-lxml's clean module versions prior to 4.6.3. When disabling the safe_attrs_only and forms arguments, the Cleaner class does not remove the formaction attribute allowing for JS to bypass the sanitizer. A remote attacker could exploit this...
Lxml Lxml
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Netapp Snapcenter -
Oracle Zfs Storage Appliance Kit 8.8
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »