10 matches found
CVE-2025-65924
ERPNext through 15.88.1 does not sanitize or remove certain HTML tags, specifically hyperlinks, in fields that are intended for plain text. Although JavaScript is blocked, preventing XSS, the HTML is still preserved in the generated PDF document. As a result, an attacker can inject malicious clickable...
CVE-2025-24981 Parsed HTML anchor links in Markdown provided to parseMarkdown can result in XSS in @nuxtjs/mdc
MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. In affected versions unsafe parsing logic of the URL from markdown can lead to arbitrary JavaScript code due to a bypass to the existing guards around the javascript: protocol scheme in the URL. Th...
CVE-2023-3434
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami version 20222284 on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger...
CVE-2023-3434
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami version 20222284 on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger...
Input validation
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami version 20222284 on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger...
CVE-2023-3434 QRC Handler without Input Validation in Jami
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami version 20222284 on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger...
Jami security vulnerability
Jami is open source, SIP-compatible telephony and instant messaging software from Jami, Inc. A security vulnerability exists in Jami version 20222284 that allows an attacker to send a custom HTML anchor tag that passes a string value to the Windows...
X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability
No description provided by source. Exploit Title: X-Cart Gold 4.5 products_map.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. The symb parameter o...
X-Cart Gold 4.5 - 'products_map.php?symb' Cross-Site Scripting
Exploit Title: X-Cart Gold 4.5 products_map.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. The "symb" parameter of "products_map.php" is vulnerable...
X-Cart Gold 4.5 - products_map.php?symb Cross-Site Scripting
X-Cart Gold 4.5 - products_map.php?symb Cross-Site Scripting Exploit Title: X-Cart Gold 4.5 products_map.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is...