333 matches found

SUSE CVE
added 2023/02/15 4:50 a.m. | 4 views

SUSE CVE-2017-5466

If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...

CVSS: 6.1 | AI score: 5.7 | EPSS: 0.01559
Exploits: 1 | References: 8

SUSE CVE
added 2023/02/15 4:46 a.m. | 1 views

SUSE CVE-2017-7834

A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potentia...

CVSS: 6.1 | AI score: 7.8 | EPSS: 0.01544
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 3:59 a.m. | 0 views

SUSE CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.01351
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 3:28 a.m. | 2 views

SUSE CVE-2022-23518

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions = 1.0.3, = 2.1.0. This issue is patched in version 1.4.4...

CVSS: 7.1 | AI score: 6 | EPSS: 0.00867
Exploits: 1 | References: 6

Veracode
added 2022/12/14 4:47 a.m. | 30 views

Cross-Site Scripting (XSS)

loofah is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization of data URLs in the image/svg+xml parameter in safelist.rb, which allows a remote attacker to inject and execute malicious JavaScript into the system...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00792
Exploits: 0 | References: 7 | Affected Software: 3

Veracode
added 2022/11/14 6:56 a.m. | 20 views

Cross-site Scripting (XSS)

nukeviet/nukeviet is vulnerable to cross-site scripting. The vulnerability exists in Request.php due to incorrectly neutralized user-controllable inputs, which allows an attacker to inject and execute malicious JavaScript through Data URL Handler...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00502
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2022/11/13 12:0 p.m. | 30 views

GHSA-X45F-J34V-75XM NukeView CMS vulnerable to Cross-site Scripting

NukeView CMS has been found to be vulnerable to Cross-site Scripting. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may...

CVSS: 6.1 | AI score: 4.6 | EPSS: 0.00502
Exploits: 0 | References: 4

Github Security Blog
added 2022/11/13 12:0 p.m. | 17 views

NukeView CMS vulnerable to Cross-site Scripting

NukeView CMS has been found to be vulnerable to Cross-site Scripting. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting. The attack may...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00502
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2022/11/13 10:15 a.m. | 12 views

CVE-2022-3975

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

CVSS: 6.1 | EPSS: 0.00502
Exploits: 0 | References: 3

OSV
added 2022/11/13 10:15 a.m. | 16 views

CVE-2022-3975

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

CVSS: 6.1 | AI score: 6
Exploits: 0 | References: 3

Prion
added 2022/11/13 10:15 a.m. | 12 views

Cross site scripting

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

CVSS: 5.8 | AI score: 6 | EPSS: 0.00502
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2022/11/13 12:0 a.m. | 2 views

Vinades NukeViet Security Vulnerability

Vinades NukeViet is an open source Content Management System (CMS) from Vinades Vietnam. A security vulnerability exists in Vinades NukeViet CMS, which originates from an affected filterAttr function in the vendor/vinades/nukeviet/Core/Request.php file of the Data URL Handler component, where...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00502
Exploits: 0 | References: 4

Vulnrichment
added 2022/11/13 12:0 a.m. | 9 views

CVE-2022-3975 NukeViet CMS Data URL Request.php filterAttr cross site scripting

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

CVSS: 3.5 | AI score: 4.7 | EPSS: 0.00502
Exploits: 0 | References: 3

Cvelist
added 2022/11/13 12:0 a.m. | 23 views

CVE-2022-3975 NukeViet CMS Data URL Request.php filterAttr cross site scripting

A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the argument attrSubSet leads to cross site scripting...

CVSS: 3.5 | AI score: 6.2 | EPSS: 0.00502
Exploits: 0 | References: 3

OpenVAS
added 2022/07/31 12:0 a.m. | 9 views

Fedora: Security Advisory for golang-github-vincent-petithory-dataurl (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score: 7.5
Exploits: 0 | References: 2

Fedora
added 2022/07/30 2:0 a.m. | 13 views

[SECURITY] Fedora 36 Update: golang-github-vincent-petithory-dataurl-0-0.8.20200110gitd1553a7.fc36

Data URL Schemes in Golang...

AI score: 1.4
Exploits: 0

OpenVAS
added 2022/07/18 12:0 a.m. | 12 views

Fedora: Security Advisory for golang-github-vincent-petithory-dataurl (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.05994
Exploits: 4 | References: 2

OpenVAS
added 2022/07/06 12:0 a.m. | 15 views

Fedora: Security Advisory for golang-github-vincent-petithory-dataurl (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.3 | AI score: 8.9 | EPSS: 0.05994
Exploits: 4 | References: 2

Fedora
added 2022/07/04 1:35 a.m. | 15 views

[SECURITY] Fedora 36 Update: golang-github-vincent-petithory-dataurl-0-0.7.20200110gitd1553a7.fc36

Data URL Schemes in Golang...

CVSS: 9.3 | AI score: 8.1 | EPSS: 0.05994
Exploits: 4

Github Security Blog
added 2022/05/17 5:12 a.m. | 31 views

Django Allows Redirect via Data URL

The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via a data: URL...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.02072
Exploits: 1 | References: 11 | Affected Software: 1