145 matches found
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
PT-2024-20866 · Mjml-App · Mjml-App
Name of the Vulnerable Software and Affected Versions: mjml-app versions 3.0.4 through 3.1.0-beta Description: The issue allows for remote code execution RCE via the href attribute. Recommendations: For versions 3.0.4 and 3.1.0-beta, consider restricting access to the href attribute until a patch...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
Cross-Site Scripting (XSS)
dash-core-components are vulnerable to Cross Site Scripting XSS. The vulnerability is caused due to improper handling of the href attribute of the tag when the href attribute is controlled by an adversary. This allows an attacker to steal data that is visible to another user who opens a view...
Deserialization of untrusted data
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
CVE-2023-50252 php-svg-lib unsafe attributes merge when parsing `use` tag
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...
PT-2023-31509 · Unknown · Php-Svg-Lib
Name of the Vulnerable Software and Affected Versions: php-svg-lib versions prior to 0.5.1 Description: The issue arises when parsing attributes passed to a use tag inside an SVG document, allowing an attacker to cause the system to go into infinite recursion. This could exhaust the memory...
PT-2023-4918 · Librsvg +8 · Librsvg +8
Name of the Vulnerable Software and Affected Versions: librsvg versions prior to 2.56.3 Description: The issue is related to a directory traversal problem in the URL decoder of librsvg. This problem can be exploited by local or remote attackers to disclose files on the local filesystem outside of...
PT-2023-17329 · WordPress · Wp Popups
Name of the Vulnerable Software and Affected Versions: WP Popups WordPress plugin versions prior to 2.1.5.1 Description: The issue arises from insufficient escaping of the href attribute in the spu-facebook-page shortcode, potentially allowing Stored Cross-Site Scripting attacks by users with the...
Stored cross site scripting in RSS displayer
Concrete CMS previously concrete5 before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...
CVE-2023-28820
Concrete CMS previously concrete5 before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...
CVE-2023-28820
Concrete CMS previously concrete5 before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...
Design/Logic Flaw
Concrete CMS previously concrete5 before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...
CVE-2023-28820
Concrete CMS previously concrete5 before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...
CVE-2023-28820
Concrete CMS previously concrete5 before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...
CXF: SSRF Vulnerability
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...
CXF: SSRF Vulnerability
A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...
CVE-2022-34473
The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...
CVE-2022-34473
The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...