Defuddle
Defuddle versions prior to 0.9.0 fail to properly escape image attributes in HTML processing, allowing attackers to inject malicious event handlers through specially crafted alt text containing quote characters. Public exploit code exists for this cross-site scripting vulnerability. The vulnerability affects all users of Defuddle before version 0.9.0, and a patch is available.
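The escaping failure described above, shown as an added example for regression testing; it is not Defuddle's code or its patch. All function names and the sample alt string are constructed assumptions, and the builder is a generic stand-in for any code that writes image attributes into HTML by string concatenation.

```javascript
// Added illustration; hypothetical names, not Defuddle's source.

// Escape a value for placement inside a quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// "Before" pattern: attribute values concatenated without escaping,
// so a quote character in alt ends the attribute early.
function buildImgUnsafe(src, alt) {
  return '<img src="' + src + '" alt="' + alt + '">';
}

// "After" pattern: every attribute value is escaped before concatenation.
function buildImgSafe(src, alt) {
  return '<img src="' + escapeAttr(src) + '" alt="' + escapeAttr(alt) + '">';
}

// Minimal attribute-name tokenizer for one serialized tag. It is enough
// for a regression check, not a full HTML parser.
function attrNames(tag) {
  const inner = tag.replace(/^<\w+/, '').replace(/>$/, '');
  const re = /([^\s"'<>\/=]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/g;
  const names = [];
  let m;
  while ((m = re.exec(inner)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the tag carries any on* event-handler attribute.
function hasEventHandler(tag) {
  return attrNames(tag).some((name) => name.startsWith('on'));
}

// Constructed sample: alt text containing quote characters.
const craftedAlt = 'logo" onerror="void 0';

console.log(attrNames(buildImgUnsafe('a.png', craftedAlt))); // src, alt, onerror
console.log(attrNames(buildImgSafe('a.png', craftedAlt)));   // src, alt
```

The same `hasEventHandler` check can be run over a sanitizer's real output in a test suite to confirm that quote-bearing alt text never yields an extra attribute.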