129 matches found
CVE-2025-7903
CVE-2025-7903 affects yangzongzhuan RuoYi up to version 4.8.1. The vulnerability lies in the Image Source Handler component, causing improper restriction of rendered UI layers. It is exploitable remotely and the exploit has been publicly disclosed. Remediation per PT-Security and Red Hat advisori...
CVE-2025-7903 yangzongzhuan RuoYi Image Source ui layer
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The...
RuoYi 安全漏洞
RuoYi is a backend management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi 4.8.1 and earlier versions, which stems from an improper restriction of the rendering UI layer of the Image Source Handler component...
PT-2025-30208 · Yangzongzhuan · Ruoyi
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A problematic issue exists in yangzongzhuan RuoYi, specifically within the Image Source Handler component. This issue involves improper restriction of rendered UI layers and can be exploit...
CVE-2025-2336
CVE-2025-2336 concerns AngularJS ngSanitize: an improper sanitization flaw allows bypassing image source restrictions via the href and xlink:href attributes in SVG elements. The root cause is inadequate sanitization, which can lead to Content Spoofing and potentially degrade application performa...
CVE-2023-52187
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Thomas Maier Image Source Control Lite – Show Image Credits and Captions.This issue affects Image Source Control Lite – Show Image Credits and Captions: from n/a through 2.17.0...
Content Spoofing
AngularJS is vulnerable to Content Spoofing. The vulnerability is due to improper sanitization of the 'href' and 'xlink:href' attributes in SVG elements, which allows attackers to bypass image source restrictions...
CVE-2025-0716
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
CVE-2025-0716
Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and also negatively affect...
CVE-2024-8372
Improper sanitization of the value of the 'srcset' attribute in AngularJS allows attackers to bypass common image source restrictions, which can also lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing . This issue affects AngularJS versions 1.3.0-rc.4 and...
UBUNTU-CVE-2025-43703
An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API even though the attacker has no knowledge of an API key through approaches such as scripts or the SRC attribute of an IMG element. NOTE: this issue exists...
RHSA-2024:2204
creationtimestamp| type| source ---|---|--- 2025-03-15 08:44:40+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7676...
CVE-2025-22711
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through = 2.29.0...
CVE-2025-22711
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through = 2.29.0...
CVE-2025-22711
CVE-2025-22711 is a reflected XSS in Image Source Control Lite (image-source-control-isc) for WordPress plugins, reported as an improper input neutralization during web page generation. Affected range: Image Source Control
CVE-2025-22711 WordPress Image Source Control Lite Plugin <= 2.29.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thomas Maier Image Source Control image-source-control-isc allows Reflected XSS.This issue affects Image Source Control: from n/a through = 2.29.0...
WordPress plugin Image Source Control 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2025-4641 · Unknown · Thomas Maier Image Source Control
Name of the Vulnerable Software and Affected Versions: Thomas Maier Image Source Control versions n/a through 2.29.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables...
CVE-2024-13515
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-13515 Image Source Control Lite – Show Image Credits and Captions <= 2.28.0 - Reflected Cross-Site Scripting
The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for...