
508 matches found

RedHat Linux
added 2023/05/04 3:59 p.m. · 4 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits 5 · References 5
Positive Technologies
added 2023/04/29 12:0 a.m. · 2 views

PT-2023-22985 · Lexical · Lexical

Name of the Vulnerable Software and Affected Versions: Lexical versions prior to 0.10.0
Description: The issue allows cross-site scripting on link clicks when input is being parsed from untrusted sources, due to href attributes in anchor tags rendering javascript: URLs.
Recommendations: For...

6.1 CVSS · 6.5 AI score · 0.00395 EPSS
Exploits 0 · References 5
Github Security Blog
added 2023/04/28 3:30 p.m. · 19 views

Stored cross site scripting in RSS displayer

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...

5.4 CVSS · 6.2 AI score · 0.00393 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/04/28 2:15 p.m. · 11 views

CVE-2023-28820

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 2
NVD
added 2023/04/28 2:15 p.m. · 11 views

CVE-2023-28820

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...

5.4 CVSS · 3.9 AI score · 0.00393 EPSS
Exploits 0 · References 2
Prion
added 2023/04/28 2:15 p.m. · 11 views

Design/Logic Flaw

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...

4.9 CVSS · 5.1 AI score · 0.00393 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/04/28 12:0 a.m. · 12 views

CVE-2023-28820

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...

2 CVSS · 5.3 AI score · 0.00393 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/04/28 12:0 a.m. · 6 views

CVE-2023-28820

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized...

2 CVSS · 4.3 AI score · 0.00393 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/04/28 12:0 a.m. · 3 views

PT-2023-21989 · Unknown · Concrete Cms

Name of the Vulnerable Software and Affected Versions: Concrete CMS (previously concrete5) versions prior to 9.1
Description: The issue concerns stored XSS in the RSS Displayer via the href attribute. This occurs because the link element input was not sanitized, allowing for potential exploitation...

5.4 CVSS · 6.1 AI score · 0.00393 EPSS
Exploits 0 · References 9
Huntr
added 2023/04/22 6:37 p.m. · 22 views

Cross-site scripting (XSS) stored in href bypasses filter using data wrapper

Description: The XSS (Cross-Site Scripting) vulnerability found in the Caliber-Web application allows an attacker to inject malicious JavaScript code into a href via a data wrapper, containing a base64-encoded payload. This vulnerability specifically occurs in a book's Tag editing functionality. By...

6.7 AI score
Exploits 0
RedHat Linux
added 2023/03/16 7:57 a.m. · 2 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits 5 · References 5
OSV
added 2023/03/02 11:36 p.m. · 2 views

GHSA-CP47-R258-Q626 Vega vulnerable to arbitrary code execution when clicking href links

Vega is vulnerable to arbitrary code execution when clicking href links. Versions 5.4.1 and 4.5.1 contain a patch...

6.4 AI score
Exploits 0 · References 6
Github Security Blog
added 2023/03/02 11:36 p.m. · 19 views

Vega vulnerable to arbitrary code execution when clicking href links

Vega is vulnerable to arbitrary code execution when clicking href links. Versions 5.4.1 and 4.5.1 contain a patch...

5.3 AI score
Exploits 0 · References 6 · Affected Software 1
RedHat Linux
added 2023/03/01 10:2 p.m. · 6 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits 5 · References 5
RedHat Linux
added 2023/03/01 9:58 p.m. · 5 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits 5 · References 5
RedHat Linux
added 2023/03/01 9:45 p.m. · 3 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits 5 · References 5
RedHat Linux
added 2023/03/01 9:45 p.m. · 3 views

CXF: SSRF Vulnerability

A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type...

9.8 CVSS · 6.8 AI score · 0.0193 EPSS
Exploits 5 · References 5
SUSE CVE
added 2023/02/15 6:14 a.m. · 2 views

SUSE CVE-2006-3199

Opera 9 allows remote attackers to cause a denial of service (crash) via an A tag with an href attribute with a URL containing a long hostname, which triggers an out-of-bounds operation...

5 CVSS · 6.8 AI score · 0.14338 EPSS
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 6:9 a.m. · 2 views

SUSE CVE-2008-0593

Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8, modify the .href property of stylesheet DOM nodes to the final URI of a 302 redirect, which might allow remote attackers to bypass the Same Origin Policy and read sensitive information from the original UR...

4.3 CVSS · 8.6 AI score · 0.02037 EPSS
Exploits 1 · References 5
SUSE CVE
added 2023/02/15 6:5 a.m. · 19 views

SUSE CVE-2008-6682

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2)...

4.3 CVSS · 6 AI score · 0.05614 EPSS
Exploits 0 · References 3