Lucene search
K

99 matches found

Cvelist
Cvelist
added yesterday16 views

CVE-2026-58228 Scheme validation bypass in Phoenix.LiveView.Utils leads to XSS via <.link>

Cross-site scripting vulnerability in phoenixframework phoenixliveview allows an attacker to bypass URL scheme validation and execute JavaScript in a victim's browser session. The Phoenix.LiveView.Utils.validdestination!/2 and Phoenix.LiveView.Utils.validlivenavigationdestination!/2 functions in...

5CVSS
Exploits0References4
NVD
NVD
added 4 days ago4 views

CVE-2026-55665

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a link's href without scheme validation, so a javascript URL could run in a victim's Grist origin on a single...

8.5CVSS0.00322EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 8:51 p.m.8 views

CVE-2026-47733

Rocket.Chat CVE-2026-47733 affects the ImageElement in packages/gazzodown prior to 8.5.0, where user-controlled src values are inserted into and without protocol sanitization. An authenticated user can post markdown images with a javascript: URL that, on older browsers, could execute arbitrary ...

4.4CVSS6.1AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:43 p.m.27 views

CVE-2026-45011

CVE-2026-45011 affects ApostropheCMS 4.29.0, where a stored XSS can be injected via a javascript: URL in an image widget link. A user with Editor rights can publish the widget, enabling arbitrary JavaScript execution when a viewer clicks the link. Public patch status: at time of publication there...

7.3CVSS5.2AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 1:55 p.m.41 views

CVE-2026-53473 Migration-planner-ui-app: stored xss via javascript: url in agent credential link

A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user clicks this link in the user interface, the embedded malicious code executes within the user's browser...

7.3CVSS0.00187EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/26 6:0 p.m.15 views

Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot author executes JS on visitors' browsers

Summary The Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser context when clicked. Since the viewer is typically embedded...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/22 6:16 p.m.11 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS0.00241EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 5:21 p.m.11 views

CVE-2026-39964

TypeBot is a chatbot builder tool. In versions prior to 3.16.0, the Typebot viewer packages/embeds/js renders anchor tags from rich text bubble content without filtering the javascript: URI scheme. A bot author can set a link URL to javascript:PAYLOAD, which executes in the visitor's browser...

5.4CVSS5.8AI score0.00241EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS6.9AI score0.00937EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.20 views

PT-2026-39284

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The AccountPending.svelte component renders admin-configured "Pending User Overlay Content" using marked.parse inside @html with an incorrect DOMPurify application order. DOMPurify is applied to t...

4.8CVSS5.9AI score0.0017EPSS
Exploits1References4
OSV
OSV
added 2026/05/06 8:18 p.m.6 views

GHSA-WHQH-9PQ5-C7R3 phpMyFAQ has a SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Summary The SvgSanitizer::decodeAllEntities method limits recursive entity decoding to 5 iterations. By wrapping each character of javascript in an href attribute value with 5 levels of & encoding around numeric HTML entities e.g., amp;amp;amp;106; for j, an attacker can bypass both isSafe...

5.4CVSS6AI score0.00153EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/06 8:18 p.m.14 views

phpMyFAQ has a SVG Sanitizer Entity Decoding Depth Limit Bypass Leading to Stored XSS

Summary The SvgSanitizer::decodeAllEntities method limits recursive entity decoding to 5 iterations. By wrapping each character of javascript in an href attribute value with 5 levels of & encoding around numeric HTML entities e.g., amp;amp;amp;106; for j, an attacker can bypass both isSafe...

5.4CVSS6AI score0.00153EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2026/04/21 8:52 p.m.32 views

CVE-2026-40927 Docmost: XSS in Comments with JavaScript URI

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

5.4CVSS0.00139EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 8:52 p.m.7 views

EUVD-2026-24487

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 4:22 p.m.5 views

CVE-2026-35451 Twenty: Stored XSS via BlockNote FileBlock

Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...

5.7CVSS6.1AI score0.00244EPSS
Exploits0References2
CVE
CVE
added 2026/04/21 4:22 p.m.39 views

CVE-2026-35451

CVE-2026-35451 affects the Twenty open source CRM, specifically the BlockNote editor. Before version 1.20.6 there is a Stored XSS in the FileBlock component: an attacker can inject a javascript: URI into the url property of a file block due to lack of protocol validation and insufficient server-s...

5.7CVSS6.1AI score0.00244EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-34179

Docmost is open-source collaborative wiki and documentation software. Prior to 0.80.0, when leaving a comment on a page, it is possible to include a JavaScript URI as the link. When a user clicks on the link the JavaScript executes. This vulnerability is fixed in 0.80.0...

5.4CVSS5.8AI score0.00139EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/07 8:17 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of Mustache navigation templates when user-controlled values are interpolated into the href attribute without proper URL scheme validation. An attacker can execute arbitrary JavaScript in the...

4.8CVSS5.7AI score0.00176EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/07 8:17 p.m.8 views

Emissary has Stored XSS via Navigation Template Link Injection

Summary Mustache navigation templates interpolated configuration-controlled link values directly into href attributes without URL scheme validation. An administrator who could modify the navItems configuration could inject javascript: URIs, enabling stored cross-site scripting XSS against other...

4.8CVSS5.9AI score0.00176EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/03/29 3:22 p.m.4 views

Cross-site Scripting (XSS)

Overview trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the StringPiece.fromJSON function. An attacker can execute arbitrary JavaScript in the context of the victim's browser by tricking a user into dragging and dropping a crafted...

8.2CVSS5.9AI score
Exploits0References2
Rows per page
Query Builder