Cross-Site Scripting (XSS)

Axios is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper origin determination and unsafe handling of the href attribute in the lib/helpers/isURLSameOrigin.js file, which does not use a proper URL object. It allows an attacker to manipulate the href attribute and injec...

SUSE CVE-2024-57965

In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute'href',href call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

PT-2024-32380 · Unknown · @Udecode/Plate-Core

Name of the Vulnerable Software and Affected Versions: @udecode/plate-core versions prior to 21.5.1 and 36.5.9 Description: The issue concerns a longstanding feature in Plate that allows adding custom DOM attributes to elements or leaves using the attributes property, which can be used for...

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting XSS. The vulnerability is cause due to a missing validation and sanitization in the href attribute of the tag in the carousel component in the data-slide and data-slide-to attributes. This can enable attackers to execute arbitrary JavaScript within...

Cross Site Scripting (XSS)

bootstrap is vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to a missing sanitization in the href attribute of the tag while working with data-slide and data-slide-to attributes. This could enable an attacker to execute arbitrary JavaScript within the victim's browser...

GHSA-VC8W-JR9V-VJ7F Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability

Withdrawn Advisory This advisory is withdrawn because it was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE ha...

CVE-2024-6531

Removed by vendor...

CVE-2024-6484

...

Bootstrap Cross-Site Scripting (XSS) vulnerability

A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting XSS attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This...

CVE-2024-37888

The CVE-2024-37888 issue affects the Open Link CKEditor plugin, impacting users of versions prior to 1.0.5. The vulnerability is a cross-site scripting (XSS) flaw that enables JavaScript execution via abuse of the link href attribute in the plugin’s open link functionality. Remediation per source...

Open Link Security Vulnerability

Open Link plugin is a very simple plugin by Marek Lewandowski personal developer. It is possible to extend the context menu and open links in new tabs. A security vulnerability exists in versions prior to Open Link 1.0.5, which stems from a cross-site scripting vulnerability in the Open Link...

CVE-2024-32463

The CVE-2024-32463 entry concerns phlex, a Ruby-based open source framework for building object-oriented views. The vulnerability is an XSS flaw in the handling of href attributes on tags, where the javascript: scheme can be bypassed by inserting tab or newline characters (e.g., java\tscript:). ...

Cross Site Scripting (XSS)

phlex is vulnerable to Cross Site Scripting. The vulnerability is due improper filtering of javascript: URL scheme within the href attribute of an tag, which allows an attacker to insert tab \t or newline \n characters between the characters of the protocol, resulting in Cross Site Scripting...

Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag could be bypassed with tab \t or newline \n characters between the...

GHSA-G7XQ-XV8C-H98C Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag could be bypassed with tab \t or newline \n characters between the...

Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

Summary There is a potential cross-site scripting XSS vulnerability that can be exploited via maliciously crafted user data. Our filter to detect and prevent the use of the javascript: URL scheme in the href attribute of an tag could be bypassed with tab \t or newline \n characters between the...

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...