stripped software vulnerabilities
vulnerabilities.aspcode.net
Searching stripped software vulnerabilities
Validate-before-filter vulnerability in cleanht
Validate-before-filter
|
vulnerability
|
cleanhtmlpl
|
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
Interpretation conflict between Internet Explor
Interpretation
|
presentation
|
protection
|
mechanisms
|
characters
|
attackers
|
stripped
|
possibly
|
Explorer
|
Internet
|
browsers
|
conflict
|
content
|
legible
|
between
|
filters
|
Mozilla
|
Firefox
|
bypass
|
remote
|
visual
|
modify
|
render
|
Opera
|
which
|
using
|
could
|
ASCII
|
allow
|
might
|
pages
|
other
|
such
|
text
|
but
|
not
|
web
|
set
|
8th
|
via
|
bit
|
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of Sunday, June 25, 2006, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
Software vulnerabilities results 1 to 3 of 3
Page:
1