Lucene search
K

514 matches found

OSV
OSV
added 2018/08/05 6:29 p.m.4 views

UBUNTU-CVE-2018-14952

The mail message display page in SquirrelMail through 1.4.22 has XSS via a "maction xlink:href=" attack...

6.1CVSS6.7AI score0.01426EPSS
Exploits1References5
Veracode
Veracode
added 2018/06/19 1:55 a.m.10 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization on the href value when rendered through printer.js, allowing XSS attacks to occur...

5.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2018/05/23 8:37 p.m.25 views

Cross-Site Scripting in @ckeditor/ckeditor5-link

Versions of status-board prior to 10.0.1 are vulnerable to Cross-Site Scripting. The createPreviewButton function fails to sanitize the href attribute of a created tag. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 10.0.1 or late...

6.1CVSS4.5AI score0.0102EPSS
Exploits0References7Affected Software1
UbuntuCve
UbuntuCve
added 2018/05/22 6:29 p.m.18 views

CVE-2018-11093

Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

6.1CVSS6.5AI score0.0102EPSS
Exploits0References3
Prion
Prion
added 2018/05/22 6:29 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

4.3CVSS6AI score0.0102EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/05/22 6:29 p.m.16 views

CVE-2018-11093

Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

6.1CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 2018/05/22 6:0 p.m.16 views

CVE-2018-11093

Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

6AI score0.0102EPSS
Exploits0References2
Node.js
Node.js
added 2018/05/17 8:43 p.m.559 views

Cross-Site Scripting

Overview All versions of react-marked-markdown are vulnerable to cross-site scripting XSS via href attributes. This is exploitable if user is provided to react-marked-markdown Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from...

5.9AI score
Exploits0Affected Software1
Hacker One
Hacker One
added 2018/04/27 7:35 p.m.44 views

Node.js third-party modules: The react-marked-markdown module allows XSS injection in href values.

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...

0.5AI score
Exploits0
exploitpack
exploitpack
added 2018/04/24 12:0 a.m.27 views

Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service

Microsoft Internet Explorer 11.371.16299.0 Windows 10 - Denial Of Service ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-Win-10-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: =======...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2018/03/21 2:57 p.m.142 views

Ruby on Rails: XSS vulnerability in sanitize-method when parsing link's href

Possible XSS vulnerability in rails-html-sanitizer There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2018-3741. Versions Affected: 1.0.3 or older. Not affected: None. Fixed Versions: 1.0.4 Impact ------ There is a possible X...

4.3CVSS6.2AI score0.01984EPSS
Exploits0
OSV
OSV
added 2018/02/27 5:29 a.m.3 views

CVE-2018-4876

Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPIgetValidHref function...

6.1CVSS5.7AI score0.03889EPSS
Exploits0References3
CNVD
CNVD
added 2018/02/27 12:0 a.m.4 views

Etherpad Lite Cross-Site Scripting Vulnerability

Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A cross-site scripting vulnerability exists in the static/js/padutils.js file in Etherpad Lite versions prior to 1.6.3. A remote attacker can use window.location.href to inject arbitrary Web...

6.1CVSS6.3AI score0.00898EPSS
Exploits0References1
CVE
CVE
added 2017/12/20 9:0 a.m.43 views

CVE-2017-17792

BlogoText (CMS) contains a Cross-site scripting (XSS) flaw in the markup_clean_href function, inc/conv.php, up to version 3.7.6. The root cause is improper handling in markup_clean_href that allows remote attackers to inject arbitrary JavaScript via a comment, as described in multiple sources (NV...

6.1CVSS6AI score0.01002EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2017/07/20 5:52 a.m.7 views

Cross-site Scripting

plotly-js is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due the lack of URI encoding in the href field that defines the special popup attribute...

5.7AI score
Exploits0
OSV
OSV
added 2017/03/16 3:59 p.m.0 views

DEBIAN-CVE-2017-5617

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

7.4CVSS7AI score0.01992EPSS
Exploits0References1
OSV
OSV
added 2016/12/20 10:59 p.m.5 views

UBUNTU-CVE-2016-4552

Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message...

6.1CVSS6.5AI score0.01372EPSS
Exploits1References4
OSV
OSV
added 2016/12/20 10:59 p.m.4 views

DEBIAN-CVE-2016-4552

Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message...

6.1CVSS6AI score0.01372EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2016/05/06 12:0 a.m.37 views

roundcube -- XSS vulnerability

Roundcube reports: Fix XSS issue in href attribute on area tag 5240...

1.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/09/11 12:0 a.m.35 views

SUSE SLED11 Security Update : tidy (SUSE-SU-2015:1525-1)

This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service crash via vectors involving a command character in an href. CVE-2015-5522, CVE-2015-5523 Note that Tenable Network Security has extracted the precedin...

6.8CVSS5.5AI score0.04655EPSS
Exploits2References6
Rows per page
Query Builder