exploitDog

GHSA-2wc2-3qx9-3828

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.

SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.

Ссылки

EPSS

Процентиль: 56%

0.00336

Низкий

CVE ID

Связанные уязвимости

CVE-2005-2608

nvd

больше 20 лет назад

SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.

EPSS

Процентиль: 56%

0.00336

Низкий

CVE ID