4 matches found
CVE-2026-53722 Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL
Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...
NiceGUI has a Reflected XSS
Summary A Cross-Site Scripting XSS risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html. Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input with ui.html without...
HCL MyXalytics 安全漏洞
HCL MyXalytics is an analytics software product from HCL India. It is used to perform data analysis and other related tasks. A security vulnerability exists in HCL MyXalytics version 6.6, which stems from a lack of proper validation and access control when automatically binding user inputs to...
USN-7695-1: Sidekiq vulnerabilities
Anas Roubi discovered that Sidekiq did not correctly sanitize certain inputs. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. CVE-2021-30151 It was discovered that Sidekiq did not correctly...