Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Possible XSS bypass if style tag is allowed
Vulnerability Description
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `<style>` tag, an attacker could craft HTML that includes script after passing through the sanitizer. The default settings disallow the `<style>` tag so there is no risk if you have not explicitly allowed the `<style>` tag. The problem has been fixed in version 5.0.372.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
Vulnerability Type
输出中的特殊元素转义处理不恰当(注入)
Vulnerability Title
Mganss HtmlSanitizer 跨站脚本漏洞
Vulnerability Description
Mganss HtmlSanitizer是Mganss个人开发者的一个基于C#、AngleSharp用于从清楚源代码中可能导致XSS攻击的HTML代码和文档的软件。 HtmlSanitizer 存在跨站脚本漏洞,攻击者可利用该漏洞就可以在通过杀毒软件后制作包含脚本的HTML。
CVSS Information
N/A
Vulnerability Type
N/A