CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

14 Mar 2025 — HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the element's `innerHTML` to a sanitized string produced by the package, if the code is specially crafted to abuse the code beautifier, which runs AFTER sanitization. The issue is patched in version 2.0.3. • https://github.com/jitbit/HtmlSanitizer/commit/af6d2a78877e7277cd01c825b7fb50edb5956963 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

01 Nov 2019 — A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter. • https://reallinkers.github.io/CVE-2019-18636 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 | EPSS: 1% | CPEs: 1 | EXPL: 2

09 Aug 2019 — Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user. • https://github.com/Kc57/JitBit_Helpdesk_Auth_Bypass • CWE-332: Insufficient Entropy in PRNG