19 matches found
CVE-2026-27474 SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix)
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these element...
CVE-2025-65924
ERPNext through 15.88.1 does not sanitize or remove certain HTML tags, specifically hyperlinks, in fields that are intended for plain text. Although JavaScript is blocked, preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...
EUVD-2022-5301
Malicious code in bioql PyPI...
EUVD-2024-19848
Malicious code in bioql PyPI...
CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...
CVE-2024-22287
Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...
CVE-2024-22287
Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...
CVE-2024-22287
Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Ludek Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...
CVE-2024-22287 WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...
CVE-2024-22287 WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...
CVE-2024-22287
CVE-2024-22287 : A CSRF vulnerability in the WordPress plugin Better Anchor Links (versions
PT-2024-19308 · Luděk Melichar · Better Anchor Links
Name of the Vulnerable Software and Affected Versions: Luděk Melichar Better Anchor Links versions 1.7.5 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue in Luděk Melichar Better Anchor Links allows for Cross-Site Scripting (XSS). Recommendations: For versions 1.7.5 and earlier,...
WordPress plugin Better Anchor Links Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Better Anchor Links; Type: Plugin; Vulnerable versions: = 1.7.5; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-22287; Patch priority: Low; CVSS severity: Low 7.1; PSID: 4703f9e2f6d3; Credits: Dimas Maulana...
Design/Logic Flaw
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier...
CVE-2017-7844
CVE-2017-7844 【Firefox】 is caused by a combination of an external SVG image on a page and coloring of links within that image, enabling a malicious site to infer which pages a user has visited in history. Affected: Firefox 57; earlier releases are not affected. The issue is mitigated by upgrading...
CVE-2017-7844
A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier...
KLA11150 Multiple vulnerabilities in Mozilla Firefox
Multiple serious vulnerabilities have been found in Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information. 1. A vulnerability in the IndexedDB component can be exploited remotely to obtain sensitive information; 2. A rendering of external SVG images and anchor...