CVE-2026-34718 Zammad improperly neutralizes of script-related HTML tags in ticket articles

Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization of data: ... URI schemes, resulting in storing such malicious content in the database of the Zammad instance. The Zammad GUI is...

Zammad 安全漏洞

Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 and 6.5.4 contained security vulnerabilities. These vulnerabilities were due to improper cleaning of data: URI schemes by the HTML cleaner, which could allow the storage of maliciou...

GHSA-5339-HVWR-7582 Unhead Vulnerable to Bypass of URI Scheme Sanitization in makeTagSafe via Case-Sensitivity

The link.href check in makeTagSafe safe.ts, line 68-71 uses String.includes, which is case-sensitive: typescript if key === 'href' if val.includes'javascript:' || val.includes'data:' return nextkey = val Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as...

SUSE-SU-2026:0642-1 Security update for python313

This update for python313 fixes the following issues: Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. bsc1257031 - CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines...

CVE-2025-58361

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain an non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

SUSE CVE-2010-3775

Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey before 2.0.11, does not properly handle certain redirections involving data: URLs and Java LiveConnect scripts, which allows remote attackers to start processes, read arbitrary local files, and establish network connections via...

SUSE CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

nodejs-normalize-url: ReDoS for data URLs

A flaw was found in normalize-url. Node.js has a ReDoS regular expression denial of service issue because it has exponential performance for data...

PT-2021-4068 · Unknown +4 · Normalize-Url +4

Name of the Vulnerable Software and Affected Versions: normalize-url versions 4.5.0 and earlier, 5.x before 5.3.1, and 6.x before 6.0.1 Description: The issue is related to a ReDoS regular expression denial of service problem, which causes exponential performance for data: URLs. This can lead to...

chromium-browser: ui spoofing in payments dialog

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page...

UBUNTU-CVE-2016-9900

External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

Mozilla Firefox Spoofing Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 43.0, which is caused by the program failing to properly handle the '' character in the data: URI. A remote attacker could...

Firefox javascript arbitrary code execution

The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and SeaMonkey before 1.1.10 does not apply XPCNativeWrappers to scripts loaded from 1 file: URIs, 2 data: URIs, or 3 certain non-canonical chrome: URIs, which allows remote attacker...