Описание
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.
Ссылки
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Patch
- Vendor Advisory
- Vendor Advisory
- Release Notes
- Mailing ListPatchThird Party Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Patch
- Vendor Advisory
- Vendor Advisory
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 0.99999999 (включая)
cpe:2.3:a:html5lib:html5lib:*:1.0b8:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00494
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
ubuntu
почти 9 лет назад
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.
CVSS3: 6.1
debian
почти 9 лет назад
The serializer in html5lib before 0.99999999 might allow remote attack ...
EPSS
Процентиль: 65%
0.00494
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79