
19 matches found

Vulnrichment
added 2026/02/19 6:38 p.m., 4 views

CVE-2026-27474 SPIP < 4.4.9 Cross-Site Scripting in Private Area (Incomplete Fix)

SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappeantixss function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these element...

6.1 CVSS, 5.6 AI score, 0.00264 EPSS
Exploits 0, References 3
OSV
added 2026/02/03 6:16 p.m., 5 views

CVE-2025-65924

ERPNext through 15.88.1 does not sanitize or remove certain HTML tags, specifically hyperlinks, in fields that are intended for plain text. Although JavaScript is blocked, preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...

4.1 CVSS, 5.6 AI score
Exploits 0, References 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-5301

Malicious code in bioql PyPI...

4.3 CVSS, 6.3 AI score, 0.01724 EPSS
Exploits 1, References 6
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2024-19848

Malicious code in bioql PyPI...

7.1 CVSS, 7 AI score, 0.00176 EPSS
Exploits 0, References 1
Cvelist
added 2025/02/06 5:26 p.m., 15 views

CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc

MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...

9.3 CVSS, 0.00632 EPSS
Exploits 0, References 3
RedhatCVE
added 2025/02/04 11:48 p.m., 8 views

CVE-2024-22287

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...

7.1 CVSS, 7 AI score, 0.00176 EPSS
Exploits 0, References 1
OSV
added 2024/01/31 12:16 p.m., 4 views

CVE-2024-22287

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...

6.1 CVSS, 7.3 AI score, 0.00176 EPSS
Exploits 0, References 1
NVD
added 2024/01/31 12:16 p.m., 15 views

CVE-2024-22287

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...

7.1 CVSS, 6.7 AI score, 0.00176 EPSS
Exploits 0, References 1
Prion
added 2024/01/31 12:16 p.m., 17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Ludek Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...

5.8 CVSS, 6.3 AI score, 0.00176 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2024/01/31 12:1 p.m., 21 views

CVE-2024-22287 WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...

7.1 CVSS, 6.6 AI score, 0.00176 EPSS
Exploits 0, References 1
Cvelist
added 2024/01/31 12:1 p.m., 20 views

CVE-2024-22287 WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5...

7.1 CVSS, 6.8 AI score, 0.00176 EPSS
Exploits 0, References 1
CVE
added 2024/01/31 12:1 p.m., 57 views

CVE-2024-22287

CVE-2024-22287: A CSRF vulnerability in the WordPress plugin Better Anchor Links (versions

7.1 CVSS, 7 AI score, 0.00176 EPSS
Exploits 0, References 1, Affected Software 1
Positive Technologies
added 2024/01/31 12:0 a.m., 4 views

PT-2024-19308 · Luděk Melichar · Better Anchor Links

Name of the Vulnerable Software and Affected Versions: Luděk Melichar Better Anchor Links versions 1.7.5 and earlier. Description: A Cross-Site Request Forgery (CSRF) issue in Luděk Melichar Better Anchor Links allows for Cross-Site Scripting (XSS). Recommendations: For versions 1.7.5 and earlier,...

7.1 CVSS, 6.7 AI score, 0.00176 EPSS
Exploits 0, References 6
CNNVD
added 2024/01/31 12:0 a.m., 2 views

WordPress plugin Better Anchor Links Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

7.1 CVSS, 6.5 AI score, 0.00176 EPSS
Exploits 0, References 2
Patchstack
added 2024/01/16 12:0 a.m., 16 views

WordPress Better Anchor Links Plugin <= 1.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Better Anchor Links; Type: Plugin; Vulnerable versions: = 1.7.5; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-22287; Patch priority: Low; CVSS severity: Low 7.1; PSID: 4703f9e2f6d3; Credits: Dimas Maulana...

7.1 CVSS, 6.6 AI score, 0.00176 EPSS
Exploits 0, References 1, Affected Software 1
Prion
added 2018/06/11 9:29 p.m., 18 views

Design/Logic Flaw

A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier...

4.3 CVSS, 6.1 AI score, 0.01778 EPSS
Exploits 0, References 4, Affected Software 1
CVE
added 2018/06/11 9:0 p.m., 120 views

CVE-2017-7844

CVE-2017-7844 【Firefox】 is caused by a combination of an external SVG image on a page and coloring of links within that image, enabling a malicious site to infer which pages a user has visited in history. Affected: Firefox 57; earlier releases are not affected. The issue is mitigated by upgrading...

6.5 CVSS, 6.1 AI score, 0.01778 EPSS
Exploits 0, References 4, Affected Software 1
Debian CVE
added 2018/06/11 9:0 p.m., 19 views

CVE-2017-7844

A combination of an external SVG image referenced on a page and the coloring of anchor links stored within this image can be used to determine which pages a user has in their history. This can allow a malicious website to query user history. Note: This issue only affects Firefox 57. Earlier...

6.5 CVSS, 8.1 AI score, 0.01778 EPSS
Exploits 0
Kaspersky
added 2017/11/29 12:0 a.m., 395 views

KLA11150 Multiple vulnerabilities in Mozilla Firefox

Multiple serious vulnerabilities have been found in Firefox. Malicious users can exploit these vulnerabilities to obtain sensitive information. 1. A vulnerability in the IndexedDB component can be exploited remotely to obtain sensitive information; 2. A rendering of external SVG images and anchor...

7.5 CVSS, 7.7 AI score, 0.02989 EPSS
Exploits 1, References 3