CVE-2022-34473
Summary: CVE-2022-34473 is a vulnerability in Mozilla Firefox prior to 102 where the HTML Sanitizer failed to sanitize the xlink:href attribute of SVG elements. This could enable attacker-controlled input to bypass sanitization, potentially enabling script execution or other abuses via SVG refer...
CVE-2022-37430
Silverstripe silverstripe/framework through 4.11 allows XSS via the href attribute of a link (issue 2 of 2)...
Design/Logic Flaw
Silverstripe silverstripe/framework through 4.11 allows XSS via the href attribute of a link (issue 2 of 2)...
CVE-2022-37429
Silverstripe silverstripe/framework through 4.11 allows XSS (issue 1 of 2) via a JavaScript payload added to the href attribute of a link by splitting a javascript URL with white space characters...
Stored XSS using HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. An attacker must have access to the CMS to exploit this issue...
GHSA-QW4W-VQ8V-2WCV Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...
Stored XSS using uppercase characters in HTMLEditor
A malicious content author could add a JavaScript payload to the href attribute of a link. A similar issue was identified and fixed via CVE-2022-28803. However, the fix didn't account for the casing of the href attribute. An attacker must have access to the CMS to exploit this issue...
PT-2022-23994 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions through 4.11
Description: The issue allows for an XSS vulnerability via the href attribute of a link. A malicious content author could add a JavaScript payload to the href attribute. This is simila...
GHSA-4R9G-W48Q-8JWM HyperDown vulnerable to Cross-site Scripting
HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds...
HyperDown vulnerable to Cross-site Scripting
HyperDown is a markdown parser written for the Chinese website SegmentFault. Improper validation of the href attribute allows for Cross-site Scripting. At publication there are no patched versions, and no known workarounds...
CVE-2022-25849
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute very well...
CVE-2022-25849 Cross-site Scripting (XSS)
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute very well...
PT-2022-17566 · Joyqi · Hyper-Down
Name of the Vulnerable Software and Affected Versions: joyqi/hyper-down versions 0.0.0 and later
Description: The issue arises from improper validation of the href attribute in the markdown parser module, leading to Cross-site Scripting (XSS). There is no information about the estimated number of...
Cross-site Scripting (XSS)
Firefox is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization in the href attribute of SVG tags, allowing an attacker to inject and execute malicious JavaScript...
PT-2022-19248 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: SilverStripe Framework versions prior to 4.10.9; SilverStripe Framework through 2022-04-07
Description: The issue allows for Stored XSS to occur in javascript link tags added via XMLHttpRequest (XHR). This can happen when an authenticated CMS us...
MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an <a> tag or it does...
Cross site scripting
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues...