Cvelist
added 2026/06/12 8:50 p.m., 29 views

CVE-2026-53606 sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes (default: 'href', 'src', 'cite') to gate the naughtyHref function that blocks...

CVSS 5.4, EPSS 0.00136
Exploits 0, References 1
CVE
added 2026/06/12 8:50 p.m., 19 views

CVE-2026-53606

A CVE-2026-53606 entry concerns ApostropheCMS (Node.js) and its dependency sanitize-html. The issue arises in sanitize-html versions prior to 2.17.5, where allowedSchemesAppliedToAttributes (default: ['href','src','cite']) does not cover all URI-bearing attributes (e.g., action, formaction, data, p...

CVSS 5.4, AI score 5.3, EPSS 0.00136
Exploits 0, References 1
OSV
added 2026/05/28 4:43 p.m., 9 views

GHSA-HHG7-C65M-H7FF Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: `javascript:` URI Survives Sanitization (XSS)

Description symfony/html-sanitizer lets applications sanitise untrusted HTML. UrlAttributeSanitizer is the visitor responsible for validating URL-valued attributes and stripping dangerous schemes from them; it runs on every element regardless of configuration. Whether an attribute is kept is...

CVSS 5.1, AI score 5.8, EPSS 0.00082
Exploits 0, References 6
Positive Technologies
added 2026/05/21 12:00 a.m., 14 views

PT-2026-44727

Name of the Vulnerable Software and Affected Versions: symfony/html-sanitizer versions prior to 6.4. Description: The UrlAttributeSanitizer visitor fails to validate the schemes of several URL-valued attributes because they are missing from the getSupportedAttributes list. Specifically, the action...

CVSS 5.1, AI score 5.2, EPSS 0.00082
Exploits 0, References 14
Snyk
added 2026/05/20 3:35 p.m., 10 views

Cross-site Scripting (XSS)

Overview: symfony/html-sanitizer provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via incomplete URL attribute validation in UrlAttributeSanitizer. An attacke...

CVSS 6.9, AI score 5.5, EPSS 0.00082
Exploits 0, References 2
SUSE CVE
added 2023/02/15 5:53 a.m., 5 views

SUSE CVE-2011-1772

Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) an action name, (2) the action attribute of an s:submit element, or (3) t...

CVSS 2.6, AI score 8.3, EPSS 0.34111
Exploits 3, References 3
Veracode
added 2022/01/23 5:39 p.m., 27 views

Cross-Site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting. The vulnerability exists due to a lack of escape of the config-form's action attribute. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

CVSS 6.1, AI score 1.8, EPSS 0.07965
Exploits 2, References 5, Affected Software 1
Github Security Blog
added 2021/08/23 7:40 p.m., 42 views

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

Impact: Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook. Patches: Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21. References: OWASP Page on Restricting Form Submissions. For more information: If you have...

CVSS 9.6, AI score 1, EPSS 0.02638
Exploits 1, References 6, Affected Software 2
OSV
added 2021/08/23 7:40 p.m., 2 views

GHSA-4952-P58Q-6CRX JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>

Impact: Untrusted notebook can execute code on load. This is a remote code execution, but requires user action to open a notebook. Patches: Patched in the following versions: 3.1.4, 3.0.17, 2.3.2, 2.2.10, 1.2.21. References: OWASP Page on Restricting Form Submissions. For more information: If you have...

CVSS 7.4, AI score 7.4, EPSS 0.02638
Exploits 1, References 5
Veracode
added 2021/03/22 5:25 a.m., 37 views

Cross-site Scripting (XSS)

lxml is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary script via the HTML action attribute, which was missing from defs.linkattrs in html/defs.py...

CVSS 6.1, AI score 2.4, EPSS 0.04002
Exploits 1, References 14, Affected Software 2
OSV
added 2020/08/31 10:48 p.m., 11 views

GHSA-6QQJ-RX4W-R3CJ CSRF Vulnerability in jquery-ujs

Versions 1.0.3 and earlier of jquery-ujs are vulnerable to an information leakage attack that may enable attackers to launch CSRF attacks, as it allows attackers to send CSRF tokens to external domains. When an attacker controls the href attribute of an anchor tag, or the action attribute of a fo...

CVSS 6.5, AI score 6.9
Exploits 0, References 4
Veracode
added 2018/11/09 5:08 a.m., 21 views

Cross-site Scripting (XSS)

struts2-core is vulnerable to cross-site scripting (XSS). The vulnerability exists due to the improper handling of double quote characters in the href attribute of the s:a tag, as well as the parameters in the action attribute of the s:url tag, allowing XSS attacks...

CVSS 4.3, AI score 4.9, EPSS 0.05614
Exploits 0, References 6, Affected Software 1
OpenVAS
added 2009/04/23 12:00 a.m., 26 views

Apache Struts Cross Site Scripting Vulnerability

This host is running Apache Struts and is prone to a Cross Site Scripting Vulnerability. OpenVAS Vulnerability Test: $Id: gbapachestrutsxssvuln.nasl 4865 2016-12-28 16:16:43Z teissa $. Apache Struts Cross Site Scripting Vulnerability. Authors: Sujit Ghosal. Copyright: Copyright (c) 2009 Greenbone Network...

CVSS 4.3, AI score 6.5, EPSS 0.05614
Exploits 0, References 2
Cvelist
added 2009/04/09 3:00 p.m., 32 views

CVE-2008-6682

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2)...

AI score 5.6, EPSS 0.05614
Exploits 0, References 5
NVD
added 2007/11/20 7:46 p.m., 19 views

CVE-2007-5899

The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

CVSS 4.3, AI score 9, EPSS 0.03393
Exploits 0, References 30
Friends Of PHP
added 1970/01/01 12:00 a.m., 6 views

CVE-2026-45753: HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite: javascript: URI Survives Sanitization (XSS)

More info at https://symfony.com/cve-2026-45753...

AI score 5.8, EPSS 0.00082
Exploits 0, Affected Software 1