
120 matches found

CNNVD
added 2022/01/15 12:0 a.m. · 1 views

Checkmk Cross-Site Scripting Vulnerability

Checkmk is an editor. A security vulnerability exists in Checkmk, which can be exploited by remote, authenticated attackers to inject arbitrary JavaScript into view headers via the javascript: URL...

5.4 CVSS · 5.8 AI score · 0.00229 EPSS
Exploits 1 · References 6
Huntr
added 2021/12/05 9:22 a.m. · 18 views

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description The Reflected XSS vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Using javascript: throws an error in parsing the url. But I bypassed it using javascript://%0A. Proof of Concept txt 1. Open the...

4.3 CVSS · 1.4 AI score · 0.70928 EPSS
Exploits 0
Microsoft CVE
added 2021/06/06 7:0 a.m. · 1 views

Node.js: All versions prior to Node.js 6.15.0 8.14.0 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname they may be incorrect.

...

4.3 CVSS · 9.3 AI score · 0.03942 EPSS
Exploits 0
OSV
added 2020/12/23 4:15 p.m. · 0 views

CVE-2020-6159

URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting XSS attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...

6.1 CVSS · 6.2 AI score
Exploits 0 · References 1
Opera Security Advisories
added 2020/12/21 12:0 a.m. · 4 views

Cross-site Scripting in OfA – Opera Security Advisories

URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting XSS attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This...

6.1 CVSS · 6.2 AI score · 0.00359 EPSS
Exploits 0 · References 1
Friends Of PHP
added 2020/09/24 1:25 a.m. · 23 views

mw.message.parse() accepts javascript: protocol in wikilinks

More info at https://phabricator.wikimedia.org/T86738...

6.1 CVSS · 7.2 AI score · 0.00336 EPSS
Exploits 0 · Affected Software 1
OSV
added 2020/03/25 10:15 p.m. · 1 views

CVE-2020-6808

When a JavaScript URL javascript: is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL as reported by the document.location property, for example was the originating javascript: URL which could lead to...

6.5 CVSS · 7 AI score · 0.00266 EPSS
Exploits 0 · References 2
RedhatCVE
added 2020/02/02 2:37 a.m. · 31 views

CVE-2018-12123

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

5.3 CVSS · 1.5 AI score · 0.03942 EPSS
Exploits 0 · References 2
RedHat Linux
added 2019/10/01 10:3 a.m. · 2 views

nodejs: Hostname spoofing in URL parser for javascript protocol

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3 CVSS · 7.1 AI score · 0.03942 EPSS
Exploits 0 · References 4
RedHat Linux
added 2019/07/22 1:39 p.m. · 1 views

nodejs: Hostname spoofing in URL parser for javascript protocol

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3 CVSS · 7.1 AI score · 0.03942 EPSS
Exploits 0 · References 4
OSV
added 2019/03/23 10:49 a.m. · 6 views

OPENSUSE-SU-2019:0089-1 Security update for nodejs8

This update for nodejs8 to version 8.15.0 fixes the following issues: Security issues fixed: - CVE-2018-12121: Fixed a Denial of Service with large HTTP headers bsc1117626 - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service bsc1117627 - CVE-2018-12116: Fixed HTTP request splitting...

7.5 CVSS · 6 AI score · 0.05572 EPSS
Exploits 0 · References 9
Tenable Nessus
added 2019/01/22 12:0 a.m. · 34 views

SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2019:0117-1)

This update for nodejs4 fixes the following issues : Security issues fixed : CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation bsc1113652 CVE-2018-5407: Fixed a hyperthread port content side channel attack aka 'PortSmash' bsc1113534 CVE-2018-12120: Fixed that the debugge...

8.1 CVSS · 7.2 AI score · 0.05572 EPSS
Exploits 4 · References 22
OSV
added 2018/11/28 5:29 p.m. · 28 views

CVE-2018-12123

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3 CVSS · 6.5 AI score
Exploits 0 · References 4
UbuntuCve
added 2018/11/28 5:29 p.m. · 22 views

CVE-2018-12123

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3 CVSS · 6.8 AI score · 0.03942 EPSS
Exploits 0 · References 3
Prion
added 2018/11/28 5:29 p.m. · 17 views

Design/Logic Flaw

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3 CVSS · 5.6 AI score · 0.03942 EPSS
Exploits 0 · References 3 · Affected Software 1
OSV
added 2018/11/28 5:29 p.m. · 1 views

DEBIAN-CVE-2018-12123

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3 CVSS · 9.1 AI score · 0.03942 EPSS
Exploits 0 · References 1
NVD
added 2018/11/28 5:29 p.m. · 11 views

CVE-2018-12123

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3 CVSS · 5.7 AI score · 0.03942 EPSS
Exploits 0 · References 4
CVE
added 2018/11/28 5:0 p.m. · 211 views

CVE-2018-12123

CVE-2018-12123 concerns Node.js: hostname spoofing in the URL parser for the javascript protocol when using url.parse(). Affected are Node.js versions prior to 6.15.0, 8.14.0, 10.14.0 and 11.3.0. The issue allows a mixed-case javascript: URL to spoof the hostname, potentially causing security dec...

4.3 CVSS · 5.7 AI score · 0.03942 EPSS
Exploits 0 · References 4 · Affected Software 1
AlpineLinux
added 2018/11/28 5:0 p.m. · 37 views

CVE-2018-12123

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" e.g. "javAscript:" protoc...

4.3 CVSS · 6.1 AI score · 0.03942 EPSS
Exploits 0
Positive Technologies
added 2018/11/28 12:0 a.m. · 2 views

PT-2018-11030 · Node.Js +3

Name of the Vulnerable Software and Affected Versions: Node.js versions prior to 6.15.0 Node.js versions prior to 8.14.0 Node.js versions prior to 10.14.0 Node.js versions prior to 11.3.0 Description: The issue concerns hostname spoofing in the URL parser for the javascript protocol. If a Node.js...

9.8 CVSS · 6.6 AI score · 0.90232 EPSS
Exploits 58 · References 569