Filtered by vendor Microco Subscriptions
Filtered by product Bluemonday Subscriptions
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-42576 2 Microco, Python 2 Bluemonday, Pybluemonday 2024-11-21 9.8 Critical
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CVE-2021-29272 1 Microco 1 Bluemonday 2024-11-21 6.1 Medium
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.