12 matches found
PT-2024-25903 · Vditor · Vditor
Name of the Vulnerable Software and Affected Versions: Vditor version 3.10.3 Description: The issue allows XSS via an attribute of an A element. The vendor indicates that a user is supposed to mitigate this via sanitize=true. Recommendations: For Vditor version 3.10.3, to mitigate the issue, set...
Vditor 跨站脚本漏洞
Vditor is a browser-side Markdown editor by the individual developer Vanessa219. A cross-site scripting vulnerability exists in Vditor version 3.10.3, which originates from allowing cross-site scripting attacks via attributes of A element...
OpenKM 跨站脚本漏洞
OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A security vulnerability exists in OpenKM version 6.3.11, which originates from a stored cross-site script that can be realized by an attacker via a...
PT-2022-25345 · Openkm · Openkm
Name of the Vulnerable Software and Affected Versions: OpenKM version 6.3.11 Description: The issue allows stored XSS related to the javascript: substring in an A element. This could potentially lead to malicious script execution when a user interacts with the affected element. Recommendations: F...
GHSA-H3CQ-J957-VHXG Cross-site Scripting in fullpage.js
using fullpage.js you can create a anchor tag . But when put href in anchor then it does not sanitize the url which allow for a break in the context of anchor element and can add our new element...
GHSA-WG85-P6J7-GP3W SimpleMDE XSS Vulnerability
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with and characters, which is mishandled during construction of an A element...
CVE-2010-3327
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure...
Information disclosure
The implementation of HTML content creation in Microsoft Internet Explorer 6 through 8 does not remove the Anchor element during pasting and editing, which might allow remote attackers to obtain sensitive deleted information by visiting a web page, aka "Anchor Element Information Disclosure...
Microsoft Internet Explorer Multiple Vulnerabilities (2360131)
This host is missing a critical security update according to Microsoft Bulletin MS10-071. OpenVAS Vulnerability Test $Id: secpodms10-071.nasl 6527 2017-07-05 05:56:34Z cfischer $ Microsoft Internet Explorer Multiple Vulnerabilities 2360131 Authors: Sooraj KS Copyright: Copyright c 2010 SecPod,...
PT-2010-4738 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8 Description: The issue is related to the improper handling of the Anchor element during content pasting and editing in Internet Explorer. This might allow remote attackers to obtain sensitive...
CVE-2006-0799
Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to lo...
Code injection
Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to lo...