Lucene search

508 matches found

NVD
added 2019/05/29 6:29 p.m. | 26 views

CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle...

CVSS 6.5 | AI score 5.7 | EPSS 0.33647
Exploits: 0 | References: 3

Vulnrichment
added 2019/05/29 5:20 p.m. | 17 views

CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle...

CVSS 4.3 | AI score 7.2 | EPSS 0.33647
Exploits: 0 | References: 2

Cvelist
added 2019/05/29 5:20 p.m. | 36 views

CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle...

CVSS 4.3 | AI score 6.6 | EPSS 0.33647
Exploits: 0 | References: 2

ATTACKERKB
added 2019/05/29 12:0 a.m. | 41 views

CVE-2018-13383

A heap buffer overflow in Fortinet FortiOS 6.0.0 through 6.0.4, 5.6.0 through 5.6.10, 5.4.0 through 5.4.12, 5.2.14 and earlier and FortiProxy 2.0.0, 1.2.8 and earlier in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle...

CVSS 6.5 | AI score 5.8 | EPSS 0.33647
In wild | Exploits: 0 | References: 6

Prion
added 2019/05/18 12:29 a.m. | 13 views

Remote code execution

MacDown 0.7.1 870 allows remote code execution via a file:\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138...

CVSS 6.8 | AI score 8.1 | EPSS 0.0375
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2019/05/18 12:29 a.m. | 15 views

CVE-2019-12173

MacDown 0.7.1 870 allows remote code execution via a file:\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138...

CVSS 8.8 | AI score 8.1 | EPSS 0.0375
Exploits: 1 | References: 1

OSV
added 2019/05/18 12:29 a.m. | 10 views

CVE-2019-12173

MacDown 0.7.1 870 allows remote code execution via a file:\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138...

CVSS 8.8 | AI score 8
Exploits: 0 | References: 1

Prion
added 2019/05/17 11:29 p.m. | 8 views

Code injection

Typora 0.9.9.21.1 1913 allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137...

CVSS 6.8 | AI score 7.7 | EPSS 0.06451
Exploits: 6 | References: 1 | Affected Software: 1

NVD
added 2019/05/17 11:29 p.m. | 11 views

CVE-2019-12172

Typora 0.9.9.21.1 1913 allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137...

CVSS 7.8 | AI score 7.7 | EPSS 0.01812
Exploits: 1 | References: 1

CNVD
added 2019/02/21 12:0 a.m. | 4 views

Atlassian Fisheye and Crucible Cross-Site Scripting Vulnerabilities (CNVD-2019-04923)

Atlassian Fisheye and Crucible are both products of the Australian company Atlassian. Atlassian Fisheye is a suite of in-depth viewers of source code, and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the administrative linker feature in Atlassian Fisheye...

CVSS 4.8 | AI score 6.4 | EPSS 0.00889
Exploits: 0 | References: 1

Atlassian
added 2019/02/14 9:19 p.m. | 148 views

Stored XSS in administrative linker functionality through the href parameter - CVE-2018-20240

The administrative linker functionality in Atlassian Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter...

CVSS 4.8 | AI score 4.6 | EPSS 0.00889
Exploits: 0 | Affected Software: 1

Veracode
added 2018/11/09 5:8 a.m. | 21 views

Cross-site Scripting (XSS)

struts2-core is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the improper handling of double quote characters in the href attribute of the s:a tag, as well as the parameters in the action attribute of the s:url tag, allowing XSS attacks...

CVSS 4.3 | AI score 4.9 | EPSS 0.05614
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2018/08/05 6:29 p.m. | 3 views

CVE-2018-14952

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "maction xlink:href=" attack...

CVSS 6.1 | AI score 5.8 | EPSS 0.01431
Exploits: 1 | References: 5

OSV
added 2018/08/05 6:29 p.m. | 1 views

CVE-2018-14953

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "math xlink:href=" attack...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 5

OSV
added 2018/08/05 6:29 p.m. | 0 views

UBUNTU-CVE-2018-14952

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "maction xlink:href=" attack...

CVSS 6.1 | AI score 6.7 | EPSS 0.01431
Exploits: 1 | References: 5

Veracode
added 2018/06/19 1:55 a.m. | 9 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization on the href value when rendered through printer.js, allowing XSS attacks to occur...

AI score 5.3
Exploits: 0

Github Security Blog
added 2018/05/23 8:37 p.m. | 25 views

Cross-Site Scripting in @ckeditor/ckeditor5-link

Versions of status-board prior to 10.0.1 are vulnerable to Cross-Site Scripting. The createPreviewButton function fails to sanitize the href attribute of a created tag. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 10.0.1 or late...

CVSS 6.1 | AI score 4.5 | EPSS 0.0102
Exploits: 0 | References: 7 | Affected Software: 1

UbuntuCve
added 2018/05/22 6:29 p.m. | 16 views

CVE-2018-11093

Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

CVSS 6.1 | AI score 6.5 | EPSS 0.0102
Exploits: 0 | References: 3

Prion
added 2018/05/22 6:29 p.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

CVSS 4.3 | AI score 6 | EPSS 0.0102
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2018/05/22 6:29 p.m. | 14 views

CVE-2018-11093

Cross-site scripting (XSS) vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

CVSS 6.1 | AI score 6.2
Exploits: 0 | References: 2