Filtered by vendor Microco
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42576 | 2 Microco, Python | 2 Bluemonday, Pybluemonday | 2021-10-26 | 7.5 HIGH | 9.8 CRITICAL |
| The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | |||||
| CVE-2021-29272 | 1 Microco | 1 Bluemonday | 2021-06-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. | |||||