Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTMLSanitizer.jl Possible XSS
Vulnerability Description
HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could result in possible cross-site scripting (XSS) in any HTML that is sanitized with this library. This issue has been patched in version 0.2.1. A workaround involves adding the math and svg elements to the whitelist manually.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
HTMLSanitizer 跨站脚本漏洞
Vulnerability Description
HTMLSanitizer是JuliaHub开源的一个HTML格式化软件。 HTMLSanitizer 0.2.1之前版本存在跨站脚本漏洞,该漏洞源于style标签内容未正确转义导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A