5 matches found
i18nextify has DOM XSS via javascript:/data: URL schemes in translated href/src attributes
Summary: Versions of i18nextify prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in the src/localize.js replaceInside handler around line 122 only guards against a duplicated http:// origin prefix ...
MJML App Security Vulnerability
MJML App is an open source MJML desktop application. A security vulnerability exists in mjml-app versions 3.0.4 and 3.1.0-beta, which stems from a Remote Code Execution (RCE) vulnerability in the href attribute...
CXF: SSRF Vulnerability
An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type...
WordPress plugin Advanced WordPress Reset Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute very well. PoC. Step 1: load the HyperDownParser module (PHP): $parser = new HyperDownParser; Step 2: add the payload (PHP): $text = "!";...