275 matches found
GHSA-72MH-HGPM-6384 Orejime has executable code in HTML attributes
Impact On HTML elements handled by Orejime, one could run malicious code by embedding javascript: code within data attributes. When consenting to the related purpose, Orejime would turn data attributes into unprefixed ones i.e. data-href into href, thus executing the code. This shouldn't have any...
CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper escaping of HTML attribute values. An attacker can execute arbitrary JavaScript in the context of a user's browser by injecting malicious HTML attribute values into user-generated content...
EUVD-2025-35364
Vert.x-Web vulnerable to Stored Cross-site Scripting in directory listings via file names...
CVE-2025-11966
In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...
CVE-2025-11966
In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...
EUVD-2005-1890
Malware in sbrugna...
EUVD-2007-5776
Malware in sbrugna...
EUVD-2019-9502
Malware in sbrugna...
EUVD-2021-1654
Malware in sbrugna...
EUVD-2018-0188
Malware in sbrugna...
EUVD-2009-1709
Malware in sbrugna...
EUVD-2011-1947
Malware in sbrugna...
EUVD-2021-1756
Malware in sbrugna...
EUVD-2015-6119
Malware in sbrugna...
PT-2025-40854
Name of the Vulnerable Software and Affected Versions Responsive Lightbox & Gallery WordPress plugin versions prior to 2.5.3 Description The software does not properly handle HTML tag attribute modifications, which could allow unauthenticated attackers to include event handlers and conduct Stored...
EUVD-2023-27013
Malicious code in bioql PyPI...
EUVD-2024-3458
Malicious code in bioql PyPI...
EUVD-2024-42540
Malicious code in bioql PyPI...
EUVD-2023-32972
Malicious code in bioql PyPI...