Lucene search

6 matches found

NVD
added 2026/04/07 4:16 p.m. | 2 views

CVE-2026-35571

Emissary is a P2P based data-driven workflow engine. Prior to 8.39.0, Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript:...

CVSS 4.8 | EPSS 0.00047
Exploits: 1 | References: 2
Github Security Blog
added 2026/02/06 7:35 p.m. | 6 views

Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values

Impact: During a security audit conducted with Claude Opus 4.6 and GPT-5.3-Codex, we identified three specific ways to bypass the XSS (cross-site scripting) protection built into Phlex. 1. The first bypass could happen if user-provided attributes with string keys were splatted into an HTML tag, e.g...

AI score 5.4
Exploits: 0 | References: 7 | Affected software: 1
OSV
added 2026/02/06 7:35 p.m. | 3 views

GHSA-W67G-2H6V-VJGQ Phlex XSS protection bypass via attribute splatting, dynamic tags, and href values

Impact: During a security audit conducted with Claude Opus 4.6 and GPT-5.3-Codex, we identified three specific ways to bypass the XSS (cross-site scripting) protection built into Phlex. 1. The first bypass could happen if user-provided attributes with string keys were splatted into an HTML tag, e.g...

CVSS 7.1 | AI score 5.5
Exploits: 0 | References: 7
Snyk
added 2026/02/06 7:35 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: phlex is a high-performance view framework optimised for fun. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via attributes, tag names, and link values in HTML rendering. An attacker can execute scripts in the context of the user's browser by injecting...

CVSS 6.1 | AI score 5.2
Exploits: 0 | References: 2
Github Security Blog
added 2020/08/25 2:04 p.m. | 29 views

Cross-Site Scripting in highcharts

Versions of highcharts prior to 7.2.2 or 8.1.1 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize href values and does not restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim's browser if they click the link...

AI score 4.1
Exploits: 0 | References: 4 | Affected software: 1
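The Emissary, Phlex and highcharts entries above share one root cause: a link value is interpolated into an href attribute with (at most) HTML attribute escaping and no check on the URL scheme. The following is an added example written for this page, not code from any of those projects; it shows the vulnerable pattern beside a hardened renderer that allowlists schemes after normalising the value the way a browser's URL parser does. The function names, the allowlist and the sample navigation config are assumptions made for the example.

```javascript
// Added example, not code from Emissary, Phlex or highcharts. It shows why
// HTML-escaping an href attribute value does not stop a javascript: link, and
// a URL-scheme allowlist that does. Function names and the sample config are
// assumptions made for this example.

// Minimal attribute escaper: stops breaking out of the quoted attribute and
// neutralises entity tricks like &#106;avascript: (the & becomes &amp;), but
// says nothing about what scheme the resulting URL has.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// The vulnerable pattern from the advisories above: a configured or
// user-controlled link value is interpolated straight into href.
function renderLinkUnsafe(label, href) {
  return `<a href="${escapeAttr(href)}">${escapeAttr(label)}</a>`;
}

// Allowlist of schemes a navigation link may use. Everything else
// (javascript:, data:, vbscript:, anything unknown) is rejected.
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);

function isSafeHref(href) {
  // Mirror the browser's URL parser before reading the scheme: it strips
  // leading/trailing C0 controls and spaces and removes tab, LF and CR
  // anywhere, so "  JaVaScRiPt:" and "java\tscript:" both run as javascript:.
  const cleaned = String(href)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  // Any remaining control character is not a URL we want to reason about.
  if (/[\u0000-\u001f\u007f]/.test(cleaned)) return false;
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(cleaned);
  if (m === null) {
    // No scheme: a relative URL such as "/path", "?q=1", "#frag", "page.html".
    // A protocol-relative "//host/..." still navigates off-site, so reject it.
    return !cleaned.startsWith("//");
  }
  return SAFE_SCHEMES.has(m[1].toLowerCase());
}

// Hardened renderer: validate the scheme first, then escape for the attribute.
// A rejected value is replaced by an inert "#" rather than dropped silently,
// so the nav item still renders and the bad config stays visible.
function renderLinkSafe(label, href) {
  const target = isSafeHref(href) ? href : "#";
  return `<a href="${escapeAttr(target)}">${escapeAttr(label)}</a>`;
}

// Constructed sample navigation config (not Emissary's real navItems format):
// two honest entries and two hostile ones an admin might have injected.
const navItems = [
  { label: "Home", link: "/" },
  { label: "Docs", link: "https://example.org/docs?a=1&b=2" },
  { label: "Admin", link: "javascript:alert(document.cookie)" },
  { label: "Help", link: "  JaVaScRiPt:alert(1)" },
];

function renderNav(items, render) {
  return items.map((it) => render(it.label, it.link)).join("\n");
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe:\n" + renderNav(navItems, renderLinkUnsafe));
  console.log("safe:\n" + renderNav(navItems, renderLinkSafe));
}
```

Run it with `node` to see the two renderings side by side. The order matters: the scheme check runs on the raw value and only then is the value escaped for the attribute, because escaping first would let `&#106;avascript:` style inputs pass a naive check while the escaper has already made them inert. The check does not require "valid" URLs; it only needs to agree with the browser on which scheme will actually be dispatched, which is why the whitespace and control-character stripping is there.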
Exploit DB
added 2003/10/20 12:00 a.m. | 35 views

Opera 7.11/7.20 HREF - Malformed Server Name Heap Corruption

source: https://www.securityfocus.com/bid/8853/info A vulnerability has been discovered in the Opera web browser that could lead to remote code execution. The problem is said to trigger when handling malformed HTML HREF values and may result in a buffer overrun occurring within heap memory. As a...

AI score 7.4
Exploits: 0