Vulnerabilities for 'Bluemonday'

2021-10-18
 
CVE-2021-42576

CWE-20
 

 
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.

 
2021-03-27
 
CVE-2021-29272

CWE-79
 

 
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.

 


Copyright 2024, cxsecurity.com

 
