2 matches found
GHSA-5MQ8-78GM-PJMQ defuddle vulnerable to XSS via unescaped string interpolation in _findContentBySchemaText image tag
Summary The findContentBySchemaText method in src/defuddle.ts interpolates image src and alt attributes directly into an HTML string without escaping: typescript html += ; An attacker can use a " in the alt attribute to break out of the attribute context and inject event handlers. This is a...
The vulnerability of Google Chrome browser allows a perpetrator to inject commands into the executed script.
The core/html/parser/HTMLConstructionSite.cpp file of the Google Chrome browser contains errors related to inheritance. Exploiting this vulnerability allows a malicious actor to inject commands into the script executed by remotely controlling the system, using a specially crafted Java script...