Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
Vulnerability Description
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Mganss HtmlSanitizer 跨站脚本漏洞
Vulnerability Description
Mganss HtmlSanitizer是Mganss个人开发者的一个基于C#、AngleSharp用于从清楚源代码中可能导致XSS攻击的HTML代码和文档的软件。 Mganss HtmlSanitizer存在跨站脚本漏洞,该漏洞源于存在跨站脚本(XSS)漏洞。受影响的产品和版本:HtmlSanitizer 8.0.718及之前版本,8.1.719-beta及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A