514 matches found
UBUNTU-CVE-2018-14952
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "maction xlink:href=" attack...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization on the href value when rendered through printer.js, allowing XSS attacks to occur...
Cross-Site Scripting in @ckeditor/ckeditor5-link
Versions of status-board prior to 10.0.1 are vulnerable to Cross-Site Scripting. The createPreviewButton function fails to sanitize the href attribute of a created tag. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 10.0.1 or late...
CVE-2018-11093
Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...
Cross site scripting
Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...
CVE-2018-11093
Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...
CVE-2018-11093
Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...
Cross-Site Scripting
Overview All versions of react-marked-markdown are vulnerable to cross-site scripting XSS via href attributes. This is exploitable if user is provided to react-marked-markdown Proof of concept: import React from 'react' import ReactDOM from 'react-dom' import MarkdownPreview from...
Node.js third-party modules: The react-marked-markdown module allows XSS injection in href values.
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
Microsoft Internet Explorer 11.371.16299.0 Windows 10 - Denial Of Service ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-Win-10-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: =======...
Ruby on Rails: XSS vulnerability in sanitize-method when parsing link's href
Possible XSS vulnerability in rails-html-sanitizer There is a possible XSS vulnerability in rails-html-sanitizer. This vulnerability has been assigned the CVE identifier CVE-2018-3741. Versions Affected: 1.0.3 or older. Not affected: None. Fixed Versions: 1.0.4 Impact ------ There is a possible X...
CVE-2018-4876
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPIgetValidHref function...
Etherpad Lite Cross-Site Scripting Vulnerability
Etherpad Lite is the Etherpad Foundation's suite of open source rich text online collaboration software. A cross-site scripting vulnerability exists in the static/js/padutils.js file in Etherpad Lite versions prior to 1.6.3. A remote attacker can use window.location.href to inject arbitrary Web...
CVE-2017-17792
BlogoText (CMS) contains a Cross-site scripting (XSS) flaw in the markup_clean_href function, inc/conv.php, up to version 3.7.6. The root cause is improper handling in markup_clean_href that allows remote attackers to inject arbitrary JavaScript via a comment, as described in multiple sources (NV...
Cross-site Scripting
plotly-js is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due the lack of URI encoding in the href field that defines the special popup attribute...
DEBIAN-CVE-2017-5617
The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...
UBUNTU-CVE-2016-4552
Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message...
DEBIAN-CVE-2016-4552
Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message...
roundcube -- XSS vulnerability
Roundcube reports: Fix XSS issue in href attribute on area tag 5240...
SUSE SLED11 Security Update : tidy (SUSE-SU-2015:1525-1)
This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service crash via vectors involving a command character in an href. CVE-2015-5522, CVE-2015-5523 Note that Tenable Network Security has extracted the precedin...