Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Microco Subscribe
Filtered by product Bluemonday
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-42576 2 Microco, Python 2 Bluemonday, Pybluemonday 2021-10-26 7.5 HIGH 9.8 CRITICAL
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CVE-2021-29272 1 Microco 1 Bluemonday 2021-06-04 4.3 MEDIUM 6.1 MEDIUM
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.