Lucene search
K

39 matches found

Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43519

The Formidable Kinetic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'kinetic link' shortcode in versions up to, and including, 1.1.01. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes notably 'window', 'class', a...

6.4CVSS6AI score0.00187EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/21 3:52 p.m.34 views

CVE-2026-40565 FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

6.1CVSS0.00199EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/05 9:13 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...

8.7CVSS5.8AI score0.00306EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.7 views

PT-2026-20847

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.9 Description SPIP versions before 4.4.9 contain a Cross-Site Scripting XSS issue in the private area. The echappe anti xss function was not consistently applied to input, form, button, and anchor HTML tags, enabling...

5.4CVSS5.3AI score
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/04 5:16 p.m.14 views

CVE-2025-20385

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...

4.8CVSS6.9AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.5 views

PT-2025-48957

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117 Description A user with the admin all objects privilege capability could potentially execut...

4.8CVSS6.7AI score0.00241EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2014-9819

Malware in sbrugna...

6.1CVSS6.1AI score0.00256EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2004-2299

Malware in sbrugna...

5CVSS6.4AI score0.14538EPSS
Exploits1References4
Imperva Blog
Imperva Blog
added 2024/02/15 4:22 p.m.24 views

Hacking Microsoft and Wix with Keyboard Shortcuts

Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery CSRF attacks. However, not all security measures are foolproof. In their quest to combat Cross-Si...

6.6AI score
Exploits0
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.4 views

Weseek GROWI Cross-Site Scripting Vulnerability

Weseek GROWI is a team collaboration software from Weseek Japan. A cross-site scripting vulnerability exists in Weseek GROWI versions prior to v6.0.0, which originates from cross-site scripting in the anchor tag and can be exploited by an attacker to execute arbitrary script on a user's web brows...

5.4CVSS6.5AI score0.0034EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/26 12:0 a.m.5 views

PT-2023-31348 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.0 Description: A stored cross-site scripting issue exists in the anchor tag of GROWI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed the site using the product...

5.4CVSS5.3AI score0.0034EPSS
Exploits0References7
Atlassian
Atlassian
added 2023/10/30 2:10 p.m.37 views

Help links not using security attributes

h3. Issue Summary Links to documentation use the anchor tag attribute target="blank" without using rel="noopener noreferrer". Best practice is to include rel="noopener noreferrer" on any link opened with target="blank" We've had some customers report that this is triggering automated security...

7.3AI score
Exploits0Affected Software1
Prion
Prion
added 2023/07/14 1:15 p.m.21 views

Input validation

Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami version 20222284 on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger...

5.8CVSS5.4AI score0.0035EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/14 12:29 p.m.27 views

CVE-2023-3434 QRC Handler without Input Validation in Jami

Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami version 20222284 on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger...

4.4CVSS5.7AI score0.0035EPSS
Exploits0References3
OSV
OSV
added 2023/04/29 3:15 a.m.11 views

CVE-2023-30792

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources...

6.1CVSS6.4AI score
Exploits0References1
Prion
Prion
added 2023/04/29 3:15 a.m.22 views

Cross site scripting

Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources...

5.8CVSS6AI score0.00395EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/04/29 2:21 a.m.51 views

CVE-2023-30792

The CVE-2023-30792 issue affects Meta Platforms Lexical versions prior to 0.10.0, where anchor tag hrefs render javascript: URLs when parsing input from untrusted sources, enabling cross-site scripting on link clicks. The vulnerability stems from unsanitized hrefs in anchor elements (createDOM pa...

6.1CVSS6AI score0.00395EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 5:39 a.m.6 views

SUSE CVE-2013-2115

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966...

9.3CVSS9AI score0.72778EPSS
Exploits9References3
OSV
OSV
added 2022/05/14 12:54 a.m.4 views

GHSA-737W-MH58-CXJP Arbitrary code execution in Apache Struts

Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the 1 URL or 2 A tag...

9.3CVSS7.5AI score0.71767EPSS
Exploits6References6
OSV
OSV
added 2022/05/13 1:16 a.m.4 views

GHSA-7GHM-RPC7-P7G5 Code injection in Apache Struts

A vulnerability introduced by forcing parameter inclusion in the URL and Anchor Tag allows remote command execution, session access and manipulation and XSS attacks. both the s:url and s:a tag provide an includeParams attribute. The main scope of that attribute is to understand whether includes...

8.1CVSS7.6AI score0.72778EPSS
Exploits9References12
Rows per page
Query Builder