Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
html sanitizer vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2007-0901
Multiple cross-site scripting (XSS) vulnerabilities in Info pages in MoinMoin 1.5.7 allow remote malicious users to inject arbitrary web script or HTML via the (1) hitcounts and (2) general parameters, different vectors than CVE-2007-0857. NOTE: the provenance of this information...
Moinmoin Moinmoin 1.5.7
6.8
CVSSv2
CVE-2020-26973
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
6.8
CVSSv2
CVE-2021-43818
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a s...
Lxml Lxml
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Netapp Solidfire -
Netapp Solidfire Enterprise Sds -
Netapp Hci Storage Node Firmware -
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Oracle Communications Cloud Native Core Binding Support Function 22.1.3
Oracle Communications Cloud Native Core Policy 22.2.0
Oracle Communications Cloud Native Core Network Exposure Function 22.1.1
4.3
CVSSv2
CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and...
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Opensuse Leap 15.2
4.3
CVSSv2
CVE-2019-17022
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection in...
Mozilla Firefox
Mozilla Firefox Esr
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Server Aus 7.7
Redhat Enterprise Linux Server Tus 7.7
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Workstation 7.0
4.3
CVSSv2
CVE-2020-16012
Side-channel information leakage in graphics in Google Chrome before 87.0.4280.66 allowed a remote malicious user to leak cross-origin data via a crafted HTML page.
Google Chrome
Mozilla Firefox
1 Github repository
4.3
CVSSv2
CVE-2020-26956
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
4.3
CVSSv2
CVE-2013-6452
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via crafted XSL in an SVG file.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
4.3
CVSSv2
CVE-2013-6454
Cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to inject arbitrary web script or HTML via a -o-link attribute.
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
4.3
CVSSv2
CVE-2020-26951
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitize...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028
CVE-2024-32406
CVE-2024-25624
IMAP
CVE-2024-2310
CVE-2024-0874
CVE-2024-20359
XXE
remote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »