12 matches found
PT-2024-25903 · Vditor · Vditor
Name of the Vulnerable Software and Affected Versions: Vditor version 3.10.3 Description: The issue allows XSS via an attribute of an A element. The vendor indicates that a user is supposed to mitigate this via sanitize=true. Recommendations: For Vditor version 3.10.3, to mitigate the issue, set...
Vditor 跨站脚本漏洞
Vditor is a browser-side Markdown editor by the individual developer Vanessa219. A cross-site scripting vulnerability exists in Vditor version 3.10.3, which originates from allowing cross-site scripting attacks via attributes of A element...
PT-2022-25345 · Openkm · Openkm
Name of the Vulnerable Software and Affected Versions: OpenKM version 6.3.11 Description: The issue allows stored XSS related to the javascript: substring in an A element. This could potentially lead to malicious script execution when a user interacts with the affected element. Recommendations: F...
OpenKM 跨站脚本漏洞
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM version 6.3.11, which originates from a stored cross-site script that can be realized by an attacker via a...
GHSA-H3CQ-J957-VHXG Cross-site Scripting in fullpage.js
using fullpage.js you can create a anchor tag . But when put href in anchor then it does not sanitize the url which allow for a break in the context of anchor element and can add our new element...
GHSA-WG85-P6J7-GP3W SimpleMDE XSS Vulnerability
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with and characters, which is mishandled during construction of an A element...
CVE-2010-3327
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure...
Information disclosure
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure...
PT-2010-4738 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8 Description: The issue is related to the improper handling of the Anchor element during content pasting and editing in Internet Explorer. This might allow remote attackers to obtain sensitive...
Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
This host is missing a critical security update according to Microsoft Bulletin MS10-071. OpenVAS Vulnerability Test $Id: secpodms10-071.nasl 6527 2017-07-05 05:56:34Z cfischer $ Microsoft Internet Explorer Multiple Vulnerabilities 2360131 Authors: Sooraj KS Copyright: Copyright c 2010 SecPod,...
CVE-2006-0799
Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to lo...
Code injection
Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to lo...