5 matches found

Github Security Blog
added 2026/04/22 5:42 p.m. | 9 views

i18nextify has DOM XSS via javascript:/data: URL schemes in translated href/src attributes

Summary: Versions of i18nextify prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in src/localize.js replaceInside handler around line 122 only guards against a duplicated http:// origin prefix ...

4.7 CVSS | 5.9 AI score | 0.00144 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2024/03/01 12:0 a.m. | 4 views

MJML App Security Vulnerability

MJML App is an open source MJML desktop application. A security vulnerability exists in mjml-app versions 3.0.4 and 3.1.0-beta, which stems from a Remote Code Execution (RCE) vulnerability in the href attribute...

9.3 CVSS | 7.3 AI score | 0.00994 EPSS
Exploits 2 | References 2
RedHat Linux
added 2023/01/31 1:12 p.m. | 3 views

CXF: SSRF Vulnerability

An SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF-style attacks on webservices that take at least one parameter of any type...

9.8 CVSS | 6.8 AI score | 0.0193 EPSS
Exploits 5 | References 5
CNNVD
added 2022/08/01 12:0 a.m. | 7 views

WordPress plugin Advanced WordPress Reset Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

6.1 CVSS | 6 AI score | 0.0055 EPSS
Exploits 2 | References 2
Snyk
added 2022/07/20 1:33 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) because the markdown-parsing module does not filter the href attribute very well. PoC: Step 1: load the HyperDownParser module: php $parser = new HyperDownParser; Step 2: add the payload: php $text = "!";...

6.1 CVSS | 5.3 AI score | 0.00473 EPSS
Exploits 1 | References 2