CVE-2021-31712

react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...

WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads

WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads VULNERABILITY DETAILS void DocumentWriter::replaceDocumentconst String& source, Document ownerDocument ... beginmframe-document-url, true, ownerDocument; // 1 // begin might fire an unload event, which will result in a situation where...

WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads

VULNERABILITY DETAILS void DocumentWriter::replaceDocumentconst String& source, Document ownerDocument ... beginmframe-document-url, true, ownerDocument; // 1 // begin might fire an unload event, which will result in a situation where no new document has been attached, // and the old document has...

DEBIAN-CVE-2019-11738

If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...

UBUNTU-CVE-2019-11738

If a Content Security Policy CSP directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox 6...

CVE-2018-12382

The displayed addressbar URL can be spoofed on Firefox for Android using a javascript: URI in concert with JavaScript to insert text before the loaded domain name, scrolling the loaded domain out of view to the right. This can lead to user confusion. This vulnerability only affects Firefox for...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2017-16541: Proxy bypass using automount and autofs CVE-2018-12381: Dragging and dropping Outlook email...

feedparser Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

CVE-2017-5450

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...

CVE-2017-5450

CVE-2017-5450 describes a spoofing vulnerability in Firefox for Android where the address bar can be spoofed via a javascript: URI due to incorrect parsing of the base URL. Affected: Firefox for Android versions

CVE-2017-5450

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...

Liferay Portal CE /html/portal/flash.jsp page cross-site scripting vulnerability

Liferay Portal CE is an open source enterprise networking platform. The platform is used to build company operations, business solutions. A cross-site scripting vulnerability exists in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and earlier versions. A remote attacker can exploit...

CVE-2017-1000425

Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

CVE-2017-1000425

Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

CVE-2017-1000425

CVE-2017-1000425 is a cross-site scripting vulnerability in Liferay Portal CE 7.0 GA4 and older, exploitable via a javascript: URI in the movie parameter of /html/portal/flash.jsp. Affected component: flash.jsp in the portal; root cause: insufficient input sanitization of the movie parameter lead...

RedCloth Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...

GHSA-R23G-3QW4-GFH2 RedCloth Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...

Moderate severity vulnerability that affects validator

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...

CVE-2013-7452

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...