Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-59923

A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows an attacker to bypass URL protections by using specially crafted Markdown links or images containing percent-encoded javascript URIs. This can lead to the execution of arbitrary scripts in the rendered HTML,...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 3 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-59923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References3
Snyk
Snyk
added 4 days ago5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl function. An attacker can execute arbitrary scripts in the rendered HTML by supplying specially crafted percent-encoded javascript URIs in Markdown links or images. Details Cross-site scripting o...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-59923 Mistune: XSS via percent-encoded javascript URI bypass in safe_url()

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...

6.1CVSS0.00199EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2005-0693

Malware in sbrugna...

4.3CVSS6.4AI score0.01164EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-0308

Malware in sbrugna...

4.3CVSS6.4AI score0.01022EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-1010083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data...

7.5CVSS6.2AI score0.03855EPSS
Exploits1References2
HackRead
HackRead
added 2024/10/23 12:24 p.m.11 views

Attackers Use Encoded JavaScript to Deliver Malware

Cyber attackers are using encoded JavaScript files to hide malware, abusing Microsoft's Script Encoder to disguise harmful scripts…...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.6 views

Collabora Online 安全漏洞

Collabora Online is an application from Collabora UK. A powerful LibreOffice-based online office that supports all major document, spreadsheet and presentation file formats. A security vulnerability exists in Collabora Online versions prior to 24.04.6.2, which stems from the ability to inject...

6.3CVSS6.6AI score0.00272EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2022/09/14 9:0 p.m.26 views

Malvertising on Microsoft Edge's News Feed pushes tech support scams

While Google Chrome still dominates as the top browser, Microsoft Edge, which is based on the Chromium source code, is gradually gaining more users. Perhaps more importantly, it is the default browser on the Microsoft Windows platform and as such some segments of its user base are of particular...

0.6AI score
Exploits0
OSV
OSV
added 2021/02/14 4:15 a.m.3 views

UBUNTU-CVE-2021-26929

An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke us...

6.1CVSS5.8AI score0.04944EPSS
Exploits7References8
NVD
NVD
added 2020/07/09 7:15 p.m.25 views

CVE-2020-15299

A reflected Cross-Site Scripting XSS Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an installonlinepreset AJAX request containing base64-encoded JavaScript in the kc-online-preset-data POST parameter that is executed...

6.1CVSS0.4696EPSS
Exploits1References1
Cvelist
Cvelist
added 2020/07/09 6:13 p.m.28 views

CVE-2020-15299

A reflected Cross-Site Scripting XSS Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an installonlinepreset AJAX request containing base64-encoded JavaScript in the kc-online-preset-data POST parameter that is executed...

6AI score0.4696EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2020/07/09 12:0 a.m.23 views

KingComposer < 2.9.5 - Unauthenticated Reflected Cross-Site Scripting

A reflected Cross-Site Scripting XSS Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an installonlinepreset AJAX request containing base64-encoded JavaScript in the kc-online-preset-data POST parameter that is executed...

4.3CVSS4.7AI score0.4696EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2011/09/02 1:18 a.m.6 views

Persistent XSS vulnerability in eBuddy Web Messenger

Persistent XSS vulnerability in eBuddy Web Messenger A team member from Virtual Luminous Security , Russian Federation, has discovered a persistent XSS vulnerability in eBuddy the biggest web IM solution in the world by transmitting messages with embedded encoded javascript code. In-depth detail...

6.3AI score
Exploits0
Prion
Prion
added 2009/01/27 8:30 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa...

4.3CVSS6.1AI score0.01022EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2006/10/21 12:7 a.m.8 views

CVE-2006-5442

ViewVC 1.0.2 and earlier does not specify a charset in its HTTP headers or HTML documents, which allows remote attackers to conduct cross-site scripting XSS attacks that inject arbitrary UTF-7 encoded JavaScript code via a view...

5.9AI score
Exploits0References8
CVE
CVE
added 2006/08/24 1:0 a.m.49 views

CVE-2006-4317

CVE-2006-4317 affects WoltLab Burning Board (WBB) 2.3.5 in attachment.php. It is a cross-site scripting (XSS) vulnerability where a GIF image containing URL-encoded Javascript can be used to inject arbitrary script, with the impact described as partial confidentiality/integrity/availability in th...

6.8CVSS5.9AI score0.01369EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2006/08/24 1:0 a.m.25 views

CVE-2006-4317

Cross-site scripting XSS vulnerability in attachment.php in WoltLab Burning Board WBB 2.3.5 allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript...

5.6AI score0.01369EPSS
Exploits1References5
UbuntuCve
UbuntuCve
added 2006/01/04 12:3 a.m.32 views

CVE-2006-0070

Drupal allows remote attackers to conduct cross-site scripting XSS attacks via an IMG tag with an unusual encoded Javascript function name, as demonstrated using variations of the alert function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtere...

4.3CVSS5.8AI score0.01059EPSS
Exploits1References1
Rows per page
Query Builder