Lucene search
+L

103 matches found

euvd
euvd
added yesterday4 views

EUVD-2026-44760

Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a...

5.9CVSS6.1AI score
Exploits0References2
cve
cve
added 2 days ago24 views

CVE-2026-45753

Symfony HtmlSanitizer UrlAttributeSanitizer omits action, formaction, poster, and cite URL-valued attributes, allowing javascript: URIs to bypass sanitization and enable XSS when forms or buttons are used. Affected: Symfony components prior to versions 6.4.40, 7.4.12, and 8.0.12. Mitigation: upgr...

6.1CVSS6.1AI score0.00482EPSS
Exploits0References5Affected Software1
osv
osv
added 3 days ago4 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS6.2AI score0.00382EPSS
Exploits0References9
cvelist
cvelist
added 3 days ago29 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS0.00382EPSS
Exploits0References4
nvd
nvd
added 6 days ago5 views

CVE-2026-55665

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a link's href without scheme validation, so a javascript URL could run in a victim's Grist origin on a single...

8.5CVSS0.00322EPSS
Exploits0References3
cve
cve
added 2026/06/24 8:51 p.m.9 views

CVE-2026-47733

Rocket.Chat CVE-2026-47733 affects the ImageElement in packages/gazzodown prior to 8.5.0, where user-controlled src values are inserted into and without protocol sanitization. An authenticated user can post markdown images with a javascript: URL that, on older browsers, could execute arbitrary ...

4.4CVSS6.1AI score0.00118EPSS
Exploits0References1
osv
osv
added 2026/06/24 8:14 p.m.3 views

CVE-2026-52798 Gogs: Stored XSS in `.ipynb` Preview

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS6.1AI score0.00429EPSS
Exploits0References6
cve
cve
added 2026/06/12 8:43 p.m.27 views

CVE-2026-45011

CVE-2026-45011 affects ApostropheCMS 4.29.0, where a stored XSS can be injected via a javascript: URL in an image widget link. A user with Editor rights can publish the widget, enabling arbitrary JavaScript execution when a viewer clicks the link. Public patch status: at time of publication there...

7.3CVSS5.2AI score0.00211EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/10 1:55 p.m.41 views

CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

7.3CVSS0.00187EPSS
Exploits0References3
github
github
added 2026/05/26 6:0 p.m.15 views

Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers

Summary The Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser context when clicked. Since the viewer is typically embedded...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2026/05/22 6:16 p.m.11 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS0.00241EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/22 5:21 p.m.11 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS6.9AI score0.00937EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.21 views

PT-2026-39284

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The AccountPending.svelte component renders admin-configured "Pending User Overlay Content" using marked.parse inside @html with an incorrect DOMPurify application order. DOMPurify is applied to t...

4.8CVSS5.9AI score0.0017EPSS
Exploits1References11
github
github
added 2026/05/06 8:18 p.m.15 views

phpMyFAQ has a SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Summary The SvgSanitizer::decodeAllEntities method limits recursive entity decoding to 5 iterations. By wrapping each character of javascript in an href attribute value with 5 levels of & encoding around numeric HTML entities e.g., amp;amp;amp;106; for j, an attacker can bypass both isSafe...

5.4CVSS6AI score0.00153EPSS
Exploits0References4Affected Software2
osv
osv
added 2026/05/06 8:18 p.m.7 views

GHSA-WHQH-9PQ5-C7R3 phpMyFAQ has a SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Summary The SvgSanitizer::decodeAllEntities method limits recursive entity decoding to 5 iterations. By wrapping each character of javascript in an href attribute value with 5 levels of & encoding around numeric HTML entities e.g., amp;amp;amp;106; for j, an attacker can bypass both isSafe...

5.4CVSS6AI score0.00153EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/21 8:52 p.m.32 views

CVE-2026-40927 Docmost: XSS in Comments with JavaScript URI

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

5.4CVSS0.00139EPSS
Exploits0References1
euvd
euvd
added 2026/04/21 8:52 p.m.8 views

EUVD-2026-24487

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/21 4:22 p.m.5 views

CVE-2026-35451 Twenty: Stored XSS via BlockNote FileBlock

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS6.1AI score0.00244EPSS
Exploits0References2
cve
cve
added 2026/04/21 4:22 p.m.39 views

CVE-2026-35451

CVE-2026-35451 affects the Twenty open source CRM, specifically the BlockNote editor. Before version 1.20.6 there is a Stored XSS in the FileBlock component: an attacker can inject a javascript: URI into the url property of a file block due to lack of protocol validation and insufficient server-s...

5.7CVSS6.1AI score0.00244EPSS
Exploits0References2
Rows per page
Query Builder