Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-9909

Опубликовано: 22 фев. 2017
Источник: debian

Описание

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
html5libfixed0.999999999-1package
html5libno-dsajessiepackage
html5libno-dsawheezypackage

Примечания

  • Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7

  • https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068

  • https://www.openwall.com/lists/oss-security/2016/12/06/5

Связанные уязвимости

ubuntu логотип

CVE-2016-9909

CVSS3: 6.1
ubuntu
почти 9 лет назад

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.

nvd логотип

CVE-2016-9909

CVSS3: 6.1
nvd
почти 9 лет назад

The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.

github логотип

GHSA-v9v9-xffq-rwr4

CVSS3: 6.1
github
больше 3 лет назад

Improper Neutralization of Input During Web Page Generation in html5lib