27 matches found

CNNVD
added 2026/05/12 12:0 a.m. · 3 views

WordPress plugin Voyage Plus cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4 CVSS · 5.9 AI score · 0.00032 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/12/01 10:17 p.m. · 3 views

CVE-2025-66400 mdast-util-to-hast unsanitized class attribute

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This...

6.9 CVSS · 0.00086 EPSS
Exploits: 0 · References: 3
CVE
added 2025/12/01 10:17 p.m. · 5 views

CVE-2025-66400

Summary: mdast-util-to-hast (an MD to HAST utility) is affected from versions 13.0.0 up to before 13.2.1. The issue arises when using character references to inject unprefixed classnames in Markdown sources, which can cause rendered user-supplied code elements to appear as part of the page. The p...

6.9 CVSS · 6.6 AI score · 0.00086 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
Fedora
added 2025/11/05 2:12 a.m. · 2 views

[SECURITY] Fedora 43 Update: python-annotated-doc-0.0.3-2.fc43

Document parameters, class attributes, return types, and variables inline, with Annotated...

8.1 CVSS · 7 AI score · 0.00017 EPSS
Exploits: 1
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2001-0560

Malware in sbrugna...

2.1 CVSS · 6.3 AI score · 0.00111 EPSS
Exploits: 0 · References: 8
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2011-3009

Malware in sbrugna...

6.8 CVSS · 9.3 AI score · 0.02363 EPSS
Exploits: 1 · References: 19
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-0339

Malicious code in bioql PyPI...

6.1 CVSS · 6.2 AI score · 0.00234 EPSS
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:51 a.m. · 1 views

SUSE CVE-2011-3041

Use-after-free vulnerability in Google Chrome before 17.0.963.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of class attributes...

6.8 CVSS · 9.6 AI score · 0.02363 EPSS
Exploits: 1 · References: 4
OSV
added 2023/01/10 6:30 a.m. · 22 views

GHSA-5G2H-9X5V-5H3X phoenix_html allows Cross-site Scripting in HEEx class attributes

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes...

6.1 CVSS · 5.9 AI score · 0.00234 EPSS
Exploits: 0 · References: 4
Github Security Blog
added 2023/01/10 6:30 a.m. · 14 views

phoenix_html allows Cross-site Scripting in HEEx class attributes

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes...

6.1 CVSS · 5.8 AI score · 0.00234 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2023/01/10 6:15 a.m. · 15 views

CVE-2021-46871

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes...

6.1 CVSS · 6 AI score
Exploits: 0 · References: 2
Cvelist
added 2023/01/10 12:0 a.m. · 10 views

CVE-2021-46871

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes...

6.1 AI score · 0.00234 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2023/01/10 12:0 a.m. · 3 views

CVE-2021-46871

tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes...

6 AI score · 0.00234 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2022/04/12 12:0 a.m. · 2 views

PT-2022-12947 · Phoenix · Phoenix.Html

Name of the Vulnerable Software and Affected Versions: Phoenix Phoenix.HTML aka phoenix html versions prior to 3.0.4 Description: The issue allows XSS in HEEx class attributes. The class attribute was not protected against XSS attacks when using HEEx. Recommendations: For versions prior to 3.0.4,...

6.1 CVSS · 6.3 AI score · 0.00234 EPSS
Exploits: 0 · References: 9
RedHat Linux
added 2016/01/28 1:45 p.m. · 1 views

bind: responses with a malformed class attribute can trigger an assertion failure in db.c

A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...

5 CVSS · 6.8 AI score · 0.68868 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2016/01/28 1:27 p.m. · 1 views

bind: responses with a malformed class attribute can trigger an assertion failure in db.c

A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...

5 CVSS · 6.8 AI score · 0.68868 EPSS
Exploits: 0 · References: 5
RedHat Linux
added 2015/12/16 4:53 p.m. · 1 views

bind: responses with a malformed class attribute can trigger an assertion failure in db.c

A denial of service flaw was found in the way BIND processed certain records with malformed class attributes. A remote attacker could use this flaw to send a query to request a cached record with a malformed class attribute that would cause named functioning as an authoritative or recursive serve...

5 CVSS · 6.8 AI score · 0.68868 EPSS
Exploits: 0 · References: 5
OpenVAS
added 2015/12/16 12:0 a.m. · 26 views

Ubuntu: Security Advisory (USN-2837-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS · 7.5 AI score · 0.68868 EPSS
Exploits: 0 · References: 2
OSV
added 2015/12/15 8:50 p.m. · 0 views

USN-2837-1 bind9 vulnerability

It was discovered that Bind incorrectly handled responses with malformed class attributes. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service...

5 CVSS · 6.9 AI score · 0.68868 EPSS
Exploits: 0 · References: 2
Prion
added 2012/06/27 12:55 a.m. · 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the themeslinks function in template.php in the Amadou theme module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to class attributes in a list of links...

4.3 CVSS · 6.1 AI score · 0.00528 EPSS
Exploits: 1 · References: 8 · Affected Software: 1