Description
An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags.
Remediation
References
Related Vulnerabilities
WordPress Plugin St-Daily-Tip Cross-Site Request Forgery (4.7)
Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)
WordPress Plugin Smart Email Alerts Cross-Site Scripting (1.0.10)
IBM WebSEAL CVE-2018-1813 Vulnerability (CVE-2018-1813)
WordPress Plugin Candidate Application Form Arbitrary File Download (1.0)