Описание
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
Ссылки
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Patch
- Vendor Advisory
- Vendor Advisory
- Release Notes
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Patch
- Vendor Advisory
- Vendor Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 0.99999999 (включая)
cpe:2.3:a:html5lib:html5lib:*:1.0b8:*:*:*:*:*:*
EPSS
Процентиль: 64%
0.00463
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
ubuntu
почти 9 лет назад
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
CVSS3: 6.1
debian
почти 9 лет назад
The serializer in html5lib before 0.99999999 might allow remote attack ...
CVSS3: 6.1
github
больше 3 лет назад
Improper Neutralization of Input During Web Page Generation in html5lib
EPSS
Процентиль: 64%
0.00463
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79