22 matches found
EUVD-2018-0786
Malware in sbrugna...
EUVD-2019-3822
Malware in sbrugna...
CVE-2024-34449
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
BIT-MOODLE-2024-28593
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's UsingChat page says "If you know some HTML code, you can use it in your text to do things like insert image...
Cross Site Scripting (XSS)
Vditor is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to a lack of default XSS sanitization within the editor, which allows an attacker to execute XSS via an attribute of an A element...
Vditor allows Cross-site Scripting via an attribute of an `A` element
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
CVE-2024-34449
CVE-2024-34449 affects Vditor 3.10.3, with XSS via an attribute of an A element. The underlying issue is insufficient sanitization; vendor guidance is to mitigate by enabling sanitize=true. CVSS 3.1 base score 6.1 (Network attack, low complexity, no privilege, user interaction required, scope cha...
CVE-2022-40317
OpenKM 6.3.11 allows stored XSS related to the javascript substring in an A element...
Cross site scripting
OpenKM 6.3.11 allows stored XSS related to the javascript substring in an A element...
CVE-2019-12173
MacDown 0.7.1 (870) allows remote code execution via a file:\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138...
CVE-2018-19057
SimpleMDE 1.11.2 has XSS via an onerror attribute of a crafted IMG element, or via certain input with [ and ( characters, which is mishandled during construction of an A element...
CVE-2018-19056
pandao Editor.md 1.5.0 has DOM XSS via input starting with a "" substring, which is mishandled during construction of an A element...
CVE-2018-19057
CVE-2018-19057 affects SimpleMDE 1.11.2. The vulnerability is a cross-site scripting (XSS) issue triggered by an onerror attribute on a crafted IMG element, or by certain input containing [ and ( characters, which is mishandled during the construction of an A element. The issue is described acros...
Google Chrome Frame Plugin For Microsoft IE Denial Of Service Vulnerability (Windows)
This host is installed with the Google Chrome Frame plugin for Microsoft IE and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromeframedosvulnwin.nasl 6093 2017-05-10 09:03:18Z teissa $ Google Chrome Frame Plugin For Microsoft IE Denial Of Service Vulnerabilit...