exploitDog

CVE-2024-42515

Published: 31 Oct 2024
Source: nvd
CVSS3: 9.9
EPSS: Low

Description

Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a word that has a corresponding glossary entry.

EPSS

Percentile: 30%
0.00112
Low

9.9 Critical

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
github
more than 1 year ago

Glossarizer Cross-site Scripting vulnerability
