44 matches found
EUVD-2025-26768
Malicious code in bioql PyPI...
ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
...
AZL-73881 CVE-2025-38701 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINEDATAFL lacks system.data xattr A syzbot fuzzed image triggered a BUGON in ext4updateinlinedata when an inode had the INLINEDATAFL flag set but was missing the system.data extended attribute. Since this...
DEBIAN-CVE-2025-38701
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINEDATAFL lacks system.data xattr A syzbot fuzzed image triggered a BUGON in ext4updateinlinedata when an inode had the INLINEDATAFL flag set but was missing the system.data extended attribute. Since this...
PT-2025-35974
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where a maliciously fuzzed file system can trigger a BUG ON in the ext4 update inline data function when an inode has the INLINE DATA FL flag set but is...
DRUPAL-CONTRIB-2025-050
Klaro Cookie & Consent Management module is used for consent management for cookies and external sources. It makes changes to the markup to enable or disable loading. The module doesn't sufficiently sanitize data attributes allowing persistent Cross Site Scripting XSS attacks. This vulnerability ...
CVE-2025-27823
An issue was discovered in the Mail Disguise module before 1.x-1.0.5 for Backdrop CMS. It enables a website to obfuscate email addresses, and should prevent spambots from collecting them. The module doesn't sufficiently validate the data attribute value on links, potentially leading to a Cross Si...
Backdrop CMS 跨站脚本漏洞
Backdrop CMS is a content management system CMS from Backdrop CMS open source. A cross-site scripting vulnerability exists in Backdrop CMS versions prior to 1.x-1.0.5, which stems from insufficient validation of data attributes and could lead to cross-site scripting attacks...
CVE-2024-47701
...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ext4 file system that could lead to out-of-bounds access when the system.data extended attribute is...
CentOS 7 : thunderbird (RHSA-2022:9079)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER...
CVE-2024-1234
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor acce...
PT-2024-17551
Name of the Vulnerable Software and Affected Versions Exclusive Addons for Elementor versions through 2.6.9 Description The Exclusive Addons for Elementor plugin for WordPress is susceptible to Stored Cross-Site Scripting through the data attribute. This is due to insufficient input sanitization...
Obfuscate Email - Less critical - Cross Site Scripting - SA-CONTRIB-2023-042
This module enables you to hide email addresses from bots and site scrapers by using the rot13 strategy. The module doesn't sufficiently escape the data attribute under the scenario a user has access to manipulate that value. This vulnerability is mitigated by the fact that an attacker must have ...
GHSA-PV7V-PH6G-3GXV Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
Impact The HTML sanitizer, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki:...
bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute...
SUSE CVE-2018-11412
In the Linux kernel 4.13 through 4.16.11, ext4readinlinedata in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode...
Cross-Site Scripting (XSS)
html-purify is vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows execution of javascript via a malicious URIs...
Cross-Site Scripting bypass in html-purify
All versions of html-purify are vulnerable to cross-site scripting. The data attribute inside of object tags is not properly sanitized and allows javascript URIs leading to code execution. No fix is currently available. Consider using an alternative package until a fix is made available...
The vulnerability of the Strife NT information protection system driver, related to deficiencies in access control, allows unauthorized access to information about file system objects.
The vulnerability of the Data Protection System’s driver for unauthorized access is related to deficiencies in access control for attributes of file system objects. Exploiting this vulnerability allows an intruder, operating locally, to gain unauthorized access to information about file system...