CVE-2022-25849
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute properly...
CVE-2022-25849 Cross-site Scripting (XSS)
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute properly...
npm hyperdown Cross-Site Scripting Vulnerability
npm hyperdown is a library from the American company npm. A security vulnerability exists in npm hyperdown, which stems from the fact that the module that parses markdown does not filter the href attribute properly...
PT-2022-17566 · Joyqi · Hyper-Down
Name of the Vulnerable Software and Affected Versions: joyqi/hyper-down versions 0.0.0 and later Description: The issue arises from improper validation of the href attribute in the markdown parser module, leading to Cross-site Scripting XSS. There is no information about the estimated number of...
PT-2022-14910 · Npm · @Acrontum/Filesystem-Template
Name of the Vulnerable Software and Affected Versions: @acrontum/filesystem-template versions prior to 0.0.2 Description: The issue is related to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. This allows for potential command...
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...
CVE-2022-2181
The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting...
WordPress plugin Advanced Database Cleaner Cross-Site Scripting Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
UBUNTU-CVE-2022-34473
The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...
Cross-site Scripting (XSS)
Firefox is vulnerable to cross-site scripting. The vulnerability exists due to the lack of sanitization of the href attribute of SVG tags, allowing an attacker to inject and execute malicious JavaScript...
PT-2022-19248 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: SilverStripe Framework versions prior to 4.10.9 SilverStripe Framework through 2022-04-07 Description: The issue allows for Stored XSS to occur in javascript link tags added via XMLHttpRequest XHR. This can happen when an authenticated CMS us...
MediaWiki Cross-site Scripting (XSS) vulnerability
In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with a javascript: payload (XSS) and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an `<a>` tag, or it does...
GHSA-GFHJ-524Q-GCRM Stored XSS vulnerability in Jenkins console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission. Jenkins 2.245, LTS 2.235.2...
Cross-site Scripting in fullpage.js
Using fullpage.js you can create an anchor tag. But when an href is put in the anchor, the URL is not sanitized, which allows breaking out of the context of the anchor element and adding a new element...
PT-2022-13320
Name of the Vulnerable Software and Affected Versions: url-parse versions prior to 1.5.7 Description: The issue allows for authorization bypass through a user-controlled key. A specially crafted URL with an '@' sign but empty user info and no hostname, when parsed with url-parse, will return the...
CVE-2021-24817
The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. The Ultimate NoFollow plugin is a WordPress open source application plugin. The WordPress Ultimate NoFollow plugin in version 1.4....
Cross site scripting
The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues...
Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 that exposes a cross-site scripting attack due to a dynamically constructed href attribute
Summary A vulnerability has been found in IBM Cloud Pak for Applications v4.3 that exposes a cross-site scripting attack due to a dynamically constructed href attribute Vulnerability Details CVEID: CVE-2021-20361 DESCRIPTION: IBM Cloud Pak for Applications is vulnerable to cross-site scripting...
Cross-Site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists due to a failure to sanitize href attribute values and to restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim's browser...