Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html sanitizer vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-19619
domain/section/markdown/markdown.go in Documize prior to 3.5.1 mishandles untrusted Markdown content. This was addressed by adding the bluemonday HTML sanitizer to defend against XSS.
Documize Documize
4.3
CVSSv2
CVE-2015-7578
Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via crafted tag attributes.
Rubyonrails Html Sanitizer
4.3
CVSSv2
CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem prior to 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote malicious users to inject arbitrary web script or HTML via a crafted CDATA node.
Rubyonrails Html Sanitizer
9.3
CVSSv2
CVE-2013-1685
Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7 allows remote malicious users to execute arbitrary code or cause a de...
Mozilla Firefox 19.0
Mozilla Firefox 19.0.1
Mozilla Firefox 20.0.1
Mozilla Firefox
Mozilla Firefox 19.0.2
Mozilla Firefox 20.0
Mozilla Firefox Esr 17.0.1
Mozilla Firefox Esr 17.0
Mozilla Firefox Esr 17.0.2
Mozilla Firefox Esr 17.0.5
Mozilla Firefox Esr 17.0.6
Mozilla Firefox Esr 17.0.3
Mozilla Firefox Esr 17.0.4
Mozilla Thunderbird 17.0
Mozilla Thunderbird 17.0.1
Mozilla Thunderbird 17.0.2
Mozilla Thunderbird
Mozilla Thunderbird 17.0.3
Mozilla Thunderbird 17.0.4
Mozilla Thunderbird 17.0.5
Mozilla Thunderbird Esr 17.0.2
Mozilla Thunderbird Esr 17.0.3
6.8
CVSSv2
CVE-2012-5830
Use-after-free vulnerability in Mozilla Firefox prior to 17.0, Firefox ESR 10.x prior to 10.0.11, Thunderbird prior to 17.0, Thunderbird ESR 10.x prior to 10.0.11, and SeaMonkey prior to 2.14 on Mac OS X allows remote malicious users to execute arbitrary code via an HTML document...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Seamonkey
Mozilla Thunderbird
Mozilla Thunderbird Esr
Redhat Enterprise Linux Desktop 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Eus 6.3
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server Eus 6.3
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Workstation 6.0
Suse Suse Linux Enterprise Software Development Kit 11.0
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 12.10
Opensuse Opensuse 11.4
Opensuse Opensuse 12.1
Opensuse Opensuse 12.2
Suse Suse Linux Enterprise Desktop 10
4.3
CVSSv2
CVE-2020-27783
A XSS vulnerability exists in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code.
Lxml Lxml
Redhat Enterprise Linux 8.0
Redhat Software Collections -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Netapp Snapcenter -
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Zfs Storage Appliance Kit 8.8
1 Github repository
6.8
CVSSv2
CVE-2022-1240
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 before 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For...
Radare Radare2
5
CVSSv2
CVE-2022-31103
lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/m...
Lettersanitizer Project Lettersanitizer
4.3
CVSSv2
CVE-2020-26293
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an atta...
Htmlsanitizer Project Htmlsanitizer
5
CVSSv2
CVE-2018-3740
A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
Sanitize Project Sanitize
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »