Описание
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 1.19.9-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | released | 1.19.2-1ubuntu1.1 |
| lunar | released | 1.19.8-1ubuntu0.1 |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 1.20.4-1 |
| focal | not-affected | 1.20.3-1ubuntu0.1~20.04 |
| jammy | not-affected | 1.20.3-1ubuntu0.1~22.04 |
| kinetic | DNE | |
| lunar | released | 1.20.3-1ubuntu0.1 |
| trusty | ignored | end of standard support |
| upstream | released | 1.20.4-1 |
| xenial | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
7.3 High
CVSS3
Связанные уязвимости
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
Improper sanitization of CSS values in html/template
Angle brackets (<>) are not considered dangerous characters when inser ...
Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.
EPSS
7.3 High
CVSS3