Description
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3, where an attacker can cause a Regular Expression Denial of Service (ReDoS) by having crafted HTML tags stripped.
Remediation
References