
CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. • https://docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. • https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5 • https://vuln.ryotak.me/advisories/4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')