Bluemonday
by Bluemonday
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-42576 | 0.00 | — | 0.00 | Oct 18, 2021 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | |||
| CVE-2021-29272 | 0.00 | — | 0.00 | Mar 27, 2021 | bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. |
- CVE-2021-42576Oct 18, 2021risk 0.00cvss —epss 0.00
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
- CVE-2021-29272Mar 27, 2021risk 0.00cvss —epss 0.00
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.