120 matches found
CVE-2024-34343
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The navigateTo function attempts to blockthe javascript: protocol, but does not correctly use API's provided by unjs/ufo. This library also contains parsing discrepancies. The function first...
LibreNMS is vulnerable to Reflected-XSS in `report_this` function
Summary Reflected-XSS in reportthis function in librenms/includes/functions.php Details Recently, it was discovered that the reportthis function had improper filtering htmlentities function was incorrectly used in a href environment, which caused the projectissues parameter to trigger an XSS...
EUVD-2018-16929
Malware in sbrugna...
EUVD-2018-4101
Malware in sbrugna...
EUVD-2024-23429
Malicious code in bioql PyPI...
EUVD-2025-0039
Malicious code in bioql PyPI...
EUVD-2024-2661
Malicious code in bioql PyPI...
Cloudflare Public Bug Bounty: Second-Order XSS via javascript protocol in MCP Server Portal Apps leads to ATO
The vulnerability in the MCP Server Portal Apps was caused by missing sanitization of the redirecturi parameter, leading to a second-order XSS vulnerability. An attacker could craft a malicious redirecturi containing JavaScript code, obtain a clientid for this URI, and reuse it when a victim had ...
Linux Distros Unpatched Vulnerability : CVE-2017-14718
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. CVE-2017-14718 Note that Ness...
Linux Distros Unpatched Vulnerability : CVE-2018-12123
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
Linux Distros Unpatched Vulnerability : CVE-2025-4083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
CVE-2024-56412
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the...