18 matches found
BIT-JUPYTERLAB-2026-42557 jupyterlab: Command linker attributes in HTML enable one-click command execution from untrusted content
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to 4.5.7, JupyterLab's HTML sanitizer allowlists data-commandlinker-command and data-commandlinker-args on button elements, while CommandLinker listens for all cli...
CVE-2025-61642
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects...
CVE-2025-61636
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...
UBUNTU-CVE-2025-61636
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...
UBUNTU-CVE-2025-61642
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects...
CVE-2025-61642
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects...
CVE-2025-61642 Stored XSS through system messages provided to CodexHtmlForms
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/CodexHTMLForm.Php, includes/htmlform/fields/HTMLButtonField.Php. This issue affects...
CVE-2025-61642
CVE-2025-61642 is a MediaWiki XSS vulnerability (improper input neutralization during web page generation) affecting MediaWiki before 1.39.14, 1.43.4, and 1.44.1, linked to CodexHTMLForm.Php and HTMLButtonField.Php. Public details across Red Hat and Debian advisories confirm remote XSS with infor...
CVE-2025-61636 Codex Special:Block vulnerable to message key XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...
CVE-2025-61636 Codex Special:Block vulnerable to message key XSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4,...
CVE-2025-60312
Sourcecodester Markdown to HTML Converter v1.0 is vulnerable to a Cross-Site Scripting (XSS) in the "Markdown Input" field, allowing a remote attacker to inject arbitrary HTML/JavaScript code that executes in the victim's browser upon clicking the "Convert to HTML" button...
openSUSE Security Advisory (SUSE-SU-2024:4050-1)
The remote host is missing an update for the...
SUSE CVE-2008-3422
Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton...
Trello: Normal User can add new users to group
A normal user does not have the privilege to add new members to a group. But by adding the following HTML button payload, a normal user can add new members to a group, which he did not have the privilege to perform. Payload: Add Members Steps To Reproduce: 1. Log in to Trello https://trello.com/login 2. Navigate t...
Facebook Status Update With XFBML Injection
Facebook Status Update With XFBML Injection. Last week Acizninja DeadcOde shared Tweaking Facebook Status with HTML button. Well, today he is going to share another kind of cool trick to tweak Facebook Status Update using XFBML Injection. With this tweak, we will do an injection on Facebook URL an...
Tweaking Facebook Status with HTML button
Tweaking Facebook Status with HTML button. Have you thought that Facebook status updates can be modified? Yes, we have a tweak for you: one is a Button Tag. One of our hacker friends, "Acizninja DeadcOde", admin of https://blog.cyber4rt.com, sharing such cool tweaks with The Hacker News reade...
Tweaking Facebook Status with HTML button
Tweaking Facebook Status with HTML button. Have you thought that Facebook status updates can be modified? Yes, we have a tweak for you: one is a Button Tag. One of our hacker friends, "Acizninja DeadcOde", admin of https://blog.cyber4rt.com, sharing such cool tweaks with The Hacker News reader...
VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)
About the security content of Safari 5.0 and Safari 4.1 Last Modified: June 07, 2010 Article: HT4196 Summary This document describes the security content of Safari 5.0 and Safari 4.1. For the protection of our customers, Apple does not disclose, discuss, or...