
14 matches found

Github Security Blog
added 2026/06/18 1:07 p.m. · 6 views

TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

TinaCMS rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into href/src and execut...

CVSS 4.8 · AI score 5.2 · EPSS 0.00239
Exploits 0 · References 3 · Affected Software 2
ATTACKERKB
added 2026/04/15 5:00 a.m. · 3 views

CVE-2026-5160

Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities...

CVSS 6.1 · AI score 6.1 · EPSS 0.00287
Exploits 0 · References 3
Snyk
added 2026/03/30 2:12 p.m. · 5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper ordering of URL validation and normalization. The renderer validates link destinations using a prefix-based check IsDangerousURL before resolving HTML entities. This allows an attacker to bypass...

CVSS 6.1 · AI score 5.9 · EPSS 0.00287
Exploits 0 · References 2
UbuntuCve
added 2025/12/16 6:16 p.m. · 3 views

CVE-2023-53900

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering...

CVSS 8.8 · AI score 5.9 · EPSS 0.00265
Exploits 1 · References 4
EUVD
added 2025/10/07 12:30 a.m. · 7 views

EUVD-2021-25668

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.0108
Exploits 1 · References 3
0day.today
added 2022/08/27 12:00 a.m. · 531 views

WordPress Robo Gallery 3.2.1 plugin - XSS Stored Vulnerability

Title: WordPress 6.0.1 Plugin-Robo Gallery 3.2.1 XSS-Stored Author: nu11secur1ty Vendor: https://wordpress.org/ Software: https://wordpress.org/plugins/robo-gallery/ Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/RoboGallery/XSS-Stored Description: Th...

AI score 0.3
Exploits 0
OSV
added 2021/09/15 1:15 p.m. · 2 views

CVE-2021-39307

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code...

CVSS 6.1 · AI score 6 · EPSS 0.0108
Exploits 1 · References 2
NVD
added 2021/09/15 1:15 p.m. · 14 views

CVE-2021-39307

PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code...

CVSS 6.1 · EPSS 0.0108
Exploits 1 · References 2
Prion
added 2021/03/20 9:15 p.m. · 14 views

Open redirect

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs that are neither https:// nor http:// based on the content of the store.kde.org web site. 5.18.7 is also a fixed version...

CVSS 5 · AI score 7.3 · EPSS 0.01563
Exploits 0 · References 5 · Affected Software 1
UbuntuCve
added 2021/03/20 9:15 p.m. · 27 views

CVE-2021-28117

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs that are neither https:// nor http:// based on the content of the store.kde.org web site. 5.18.7 is also a fixed version...

CVSS 7.5 · AI score 7.1 · EPSS 0.01563
Exploits 0 · References 2
Vulnrichment
added 2021/03/20 12:00 a.m. · 14 views

CVE-2021-28117

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs that are neither https:// nor http:// based on the content of the store.kde.org web site. 5.18.7 is also a fixed version...

AI score 7.1 · EPSS 0.01563
Exploits 0 · References 5
Cvelist
added 2021/03/20 12:00 a.m. · 25 views

CVE-2021-28117

libdiscover/backends/KNSBackend/KNSResource.cpp in KDE Discover before 5.21.3 automatically creates links to potentially dangerous URLs that are neither https:// nor http:// based on the content of the store.kde.org web site. 5.18.7 is also a fixed version...

AI score 7.6 · EPSS 0.01563
Exploits 0 · References 5
Hacker One
added 2020/02/21 6:19 a.m. · 19 views

MTN Group: Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history

Summary: Dear Security Team, I found some dangerous URLs on your servers that reveal important information about the servers' configuration themselves and that are very interesting from a hacker's point of view. Steps To Reproduce: http://21days2017.mtncameroon.net/.bash_history Remediation: disable th...

AI score 1.2
Exploits 0
Trend Micro Simply Security
added 2018/08/14 2:00 p.m. · 23 views

AV-Comparatives: Trend Micro Antivirus for Mac Provides 100% Malware Protection for Mac Users

Despite popular opinion otherwise, the days have long since passed when Mac users can venture forth on the Internet without having to worry about viruses or ransomware, phishing attacks or dangerous URLs. Though the number of attacks on the Mac are fewer than those on Windows machines because the...

AI score 1.7
Exploits 0