Vulnerabilities for 'TIDY'

2017-08-25
 
CVE-2017-13692

 

 
IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862.

 
2015-08-11
 
CVE-2015-5523

 

 
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

 
 
CVE-2015-5522

 

 
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

 


Copyright 2024, cxsecurity.com

 
