10 matches found
CVE-2026-40565
FreeScout vulnerability CVE-2026-40565 affects versions prior to 1.8.213. The issue occurs in linkify() (app/Misc/Helper.php): plain-text URLs in email bodies are converted to HTML anchor tags without escaping double-quote (") characters, and because HTMLPurifier runs first via getCleanBody(), th...
CVE-2026-40565 FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...
GHSA-WHRJ-4476-WVMP Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Summary Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the javascript: scheme e.g. javascript:alert1, the generated index includes an anchor whose href attribute is exactly...
Stored XSS in Rack::Directory via javascript: filenames rendered into anchor href
Summary Rack::Directory generates an HTML directory index where each file entry is rendered as a clickable link. If a file exists on disk whose basename begins with the javascript: scheme e.g. javascript:alert1, the generated index includes an anchor whose href attribute is exactly...
CVE-2025-20385
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...
CVE-2025-20385
CVE-2025-20385 affects Splunk Enterprise below 10.0.2, 9.4.6, 9.3.8, 9.2.10 and Splunk Cloud Platform below 10.1.2507.6, 10.0.2503.7, 9.3.2411.117. A high-privilege user (admin_all_objects) can craft a malicious payload via the href attribute of an anchor tag in a navigation bar collection, resul...
CVE-2025-20385 Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a high privilege capability adminallobjects could craft a malicious payload through the href attribute of an anch...
CVE-2014-125128
'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href attribute in anchor tags , allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...
PT-2025-36454
Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 1.0.3 Description: The 'sanitize-html' software prior to version 1.0.3 is susceptible to Cross-site Scripting XSS. The naughtyHref function inadequately validates the href attribute within anchor tags , enablin...
CVE-2023-30792
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources...