16 matches found
AZL-79637 CVE-2026-27142 affecting package python-tensorboard 2.11.0-3
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
AZL-79634 CVE-2026-27142 affecting package msft-golang 1.24.13-1
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
CVE-2026-27142
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
GO-2026-4603 URLs in meta content attribute actions are not escaped in html/template
Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actio...
CVE-2025-5983
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags...
EUVD-2025-35355
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags...
CVE-2025-5983
CVE-2025-5983 affects the WordPress Meta Tag Manager plugin (before 3.3). Multiple connected sources confirm a Contributor+ open redirect vulnerability in Meta Tag Manager, stemming from insufficient restrictions/validation around redirects, allowing an attacker to redirect users to a malicious s...
CVE-2025-5983 Meta Tag Manager < 3.3 - Contributor+ Open Redirect
The Meta Tag Manager WordPress plugin before 3.3 does not restrict which roles can create http-equiv refresh meta tags...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2018-19516
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...
CVE-2018-19516
messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value...
CVE-2018-18499
A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...
CVE-2014-4908
CVE-2014-4908 is a cross-site scripting vulnerability in PNP4Nagios up to version 0.6.22. The issue enables an attacker to inject script/HTML via URI handling for two PHP views, due to improper handling of an http-equiv="refresh" META element. Connected documents confirm related CVE-2014-4907 and...
CVE-2012-2585
Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...
Code injection
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...