4 matches found
PT-2026-35679
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0. This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
Angular Cross-Site Scripting Vulnerability
Angular is an open source development platform used to build mobile and desktop web applications using TypeScript/JavaScript and other languages. A cross-site scripting vulnerability exists in Angular versions prior to 19.2.18, 20.3.16, 21.0.7, and 21.1.0-rc.0 that stems from an intern...
Improper Encoding or Escaping of Output
Overview: org.webjars.npm:element-plus is a component library for Vue 3. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the href attribute handling in the el-link component. An attacker can execute arbitrary scripts, redirect users to malicious...
DEBIAN-CVE-2023-24813
Dompdf is an HTML to PDF converter written in PHP. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...