{"id":"CVE-2017-9306","details":"inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an \"\u003csvg/onload=\" substring instead of an \"\u003csvg onload=\" substring.","modified":"2026-04-10T04:01:25.732454Z","published":"2017-05-31T04:29:00.333Z","references":[{"type":"EVIDENCE","url":"https://www.cdxy.me/?p=763"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nuxsmin/syspass","events":[{"introduced":"0"},{"last_affected":"0a63fc30b95d5ccc3c8397d05c2098c9b557dd3d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1.9"}]}}],"versions":["1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.1.2.18","1.1.2.19","1.1.2.20","1.1.2.21","1.1.2.22","1.1.2.23","1.1.2.24","1.2.0.02-rc2","1.2.0.03-rc3","1.2.0.04-rc4","1.2.0.05-rc5","1.2.0.06","1.2.0.07","1.2.0.08","1.2.0.09","1.2.0.10","1.2.0.11","1.2.0.12","1.2.0.13","1.2.0.14","1.2.0.16","1.2.0.17","1.2.0.18","1.2.0.19","1.2.0.20","1.2.0.21","2.0.0.17021301","2.0.0.17021302","2.0.0.17021601","2.1.0.17022601","2.1.0.17030201","2.1.1.17030601","2.1.2.17031401","2.1.3.17031601","2.1.4.17032801","2.1.5.17041201","2.1.6.17041401","2.1.7.17042101","2.1.8.17042901","2.1.9.17050401"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9306.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}