Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2016-9909

Published: 22/02/2017 Updated: 23/02/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Html5lib

Vulnerability Summary

The serializer in html5lib prior to 0.99999999 might allow remote malicious users to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.

Vulnerable Product Search on Vulmon Subscribe to Product

html5lib html5lib

Vendor Advisories

Arch Linux Issues:
A potential cross site scripting vulnerability was found in python- html5lib due to unquoted attributes that need escaping in legacy browsers ...

Github Repositories

https://github.com/cclauss/pythonista-module-versions

Compare the version numbers of extra modules in Pythonista with PyPI

pythonista-module-versions Compare the version numbers of extra modules in Pythonista with PyPI Results: pyupio/account/repos/github/cclauss/pythonista-module-versions/ requiresio/github/cclauss/pythonista-module-versions/requirements/ Pythonista version 311 (311016) running Python 361 on iOS 1033 on an iPad3,4 =====================================

https://github.com/isaccanedo/pythonista-module-versions

⚡ Compare the version numbers of extra modules in Pythonista with PyPI

pythonista-module-versions Compare os números de versão de módulos extras no Pythonista com o PyPI Resultos: pyupio/account/repos/github/cclauss/pythonista-module-versions/ requiresio/github/cclauss/pythonista-module-versions/requirements/ Pythonista version 311 (311016) running Python 361 on iOS 1033 on an iPad3,4 ============

References

CWE-79https://html5lib.readthedocs.io/en/latest/changes.html#b9https://github.com/html5lib/html5lib-python/issues/12https://github.com/html5lib/html5lib-python/issues/11https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7http://www.securityfocus.com/bid/95132http://www.openwall.com/lists/oss-security/2016/12/08/8http://www.openwall.com/lists/oss-security/2016/12/06/5https://nvd.nist.govhttps://github.com/cclauss/pythonista-module-versionshttps://security.archlinux.org/CVE-2016-9909
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionfirmwareCVE-2006-4304CVE-2024-32878CVE-2024-31502XSSCVE-2024-3059CVE-2024-33692CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook