CVE-2022-38790
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...
GHSA-HQ57-C72X-4774 Gitea vulnerable to Cross-site Scripting
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS...
Stored Cross-Site Scripting (XSS)
Jenkins AnchorChain Plugin is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper validation of URL schemes when generating links from workspace content, allowing attackers to inject javascript: URLs that execute malicious scripts in the Jenkins user interface...
Cross-site Scripting (XSS)
Jenkins Coverage Plugin is vulnerable to a stored Cross-Site Scripting. The vulnerability is caused by missing validation of the coverage results ID when configured via the REST API, allowing attackers with Item/Configure permission to inject a javascript: URL that executes in users’ browsers...
EUVD-2025-177298
Malicious code in passport-wasat-javascript-link npm...
CVE-2011-10036 Nagios XI < 2011R1.9 XSS via backend_url JavaScript Link Handler
Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the handling of the "backend_url" JavaScript link. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2025-58747
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorizationurl...
Linux Distros Unpatched Vulnerability : CVE-2019-12308
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the...
firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...
Cross-site Scripting (XSS)
Overview: @tiptap/extension-link is a link extension for tiptap. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unsanitized user input allowed in setting or toggling links. An attacker can execute arbitrary JavaScript code in the context of the application by...
PT-2024-40146 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 (affected versions not specified). Description: The issue concerns Cross-Site Scripting where authorized editors can insert JavaScript commands by using the URL scheme javascript: in all link fields within the TYPO3 installation...
Red Hat Keycloak Cross-Site Scripting Vulnerability
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A cross-site scripting vulnerability exists in Red Hat Keycloak, which stems from a flaw found in SAML client registration that could allow an...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox for iOS due to a Javascript URL being loaded when dragging to the address bar. An attacker can exploit the vulnerability to bypass restrictions...
QStar Archive Solutions Security Breach
QStar Archive Solutions is QStar's range of storage technologies for managing disk arrays, object storage, tape libraries, optical libraries, WORM, and clouds (private and hybrid). A security vulnerability exists in QStar Archive Solutions RELEASE3-0 Build 7 release that stems from the presence of ...
UBUNTU-CVE-2023-6210
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs. This vulnerability affects Firefox 120...
CVE-2023-30959
In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, will result in an XSS that requires user interaction...