398 matches found
CVE-2023-48443
Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
PT-2023-8638 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier. Description: The issue exists due to inadequate protection of the web page structure. Exploitation may allow a remote attacker to execute arbitrary code. A low-privileged attacker can...
Design/Logic Flaw
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning th...
CVE-2023-3434
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami version 20222284 on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger...
Input validation
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami version 20222284 on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger...
PT-2023-24825 · Microsoft · Windows Qrc Handler
Name of the Vulnerable Software and Affected Versions: Jami version 20222284. Description: The issue is related to improper input validation in hyperlink interpretation. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami...
Jami input validation error vulnerability
Jami is an open source, SIP-compatible software telephony and instant messaging software from Jami, Inc. An input validation error vulnerability exists in Jami version 20222284, which stems from incorrect input validation for hyperlink interpretation...
Mozilla: Fullscreen notification obscured
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks...
CVE-2023-2808
Mattermost suffers from improper handling of Unicode confusable characters when deciding whether to generate a hyperlink preview. The issue allows an attacker to trigger link previews for disallowed domains by using specially crafted links. Connected sources corroborate the vulnerability as affec...
CVE-2023-30452
The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter...
Cross site scripting
The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter...
PT-2023-22699 · Atlassian +1 · Confluence +1
Name of the Vulnerable Software and Affected Versions: MoroSystems EasyMind - Mind Maps plugin versions prior to 2.15.0 for Confluence. Description: The issue allows persistent XSS when saving a Mind Map with the hyperlink parameter. This can lead to the execution of malicious scripts within the...
SUSE CVE-2005-4636
OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings...
SUSE CVE-2007-5935
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag...
SUSE CVE-2008-2379
Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message...
The vulnerability of the text terminal utility for UNIX-like systems, Less, is related to incorrect filtering of built-in ANSI sequences during the processing of the -R element. This vulnerability allows an attacker to exploit their privileges.
The vulnerability of the text terminal utility for UNIX-like systems is related to incorrect filtering of built-in ANSI sequences during the processing of the -R element. Exploiting this vulnerability can allow an attacker to enhance their privileges through a specially created hyperlink that...
XSS in hyperlink when create FAQ News
Description: Stored Cross-Site Scripting (XSS) through hyperlinks refers to a type of security vulnerability that occurs when an attacker injects malicious code into a hyperlink, which is then stored in the application's database or web server. When a user clicks on the infected hyperlink, the...
USN-5848-1 less vulnerability
David Leadbeater discovered that less was not properly handling escape sequences when displaying raw control characters. A maliciously formed OSC 8 hyperlink could possibly be used by an attacker to cause a denial of service...