Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

93 matches found

SUSE CVE
SUSE CVEadded 2023/02/15 6:18 a.m.1 views

SUSE CVE-2005-0752

The Plugin Finder Service PFS in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...

7.5CVSS7.8AI score0.03515EPSS
Exploits0References4
SUSE CVE
SUSE CVEadded 2023/02/15 6:11 a.m.3 views

SUSE CVE-2007-3844

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting XSS attacks with chrome privileges via an addon that inserts a 1 javascript: or 2 data: link into an about:blank document loaded by chrome via a the...

4.3CVSS8.1AI score0.21702EPSS
Exploits3References4
SUSE CVE
SUSE CVEadded 2023/02/15 5:59 a.m.2 views

SUSE CVE-2010-1236

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting...

4.3CVSS5.9AI score0.00617EPSS
Exploits1References4
SUSE CVE
SUSE CVEadded 2023/02/15 5:55 a.m.1 views

SUSE CVE-2011-0048

Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a 1 javascript: or 2 data: URI in the URL aka bugfileloc field, which allows remote attackers to conduct cross-site scripting XSS attacks against logged-out users via a crafted UR...

4.3CVSS5.8AI score0.00704EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2023/02/15 4:11 a.m.1 views

SUSE CVE-2019-12308

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

6.1CVSS7.7AI score0.01603EPSS
Exploits0References9
SUSE CVE
SUSE CVEadded 2023/02/15 4:1 a.m.1 views

SUSE CVE-2020-8294

A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format...

5.4CVSS5.2AI score0.00391EPSS
Exploits0References6
SUSE CVE
SUSE CVEadded 2023/02/15 3:24 a.m.1 views

SUSE CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS8.4AI score0.00523EPSS
Exploits0References12
OSV
OSVadded 2022/12/22 8:15 p.m.1 views

DEBIAN-CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS8.4AI score0.00523EPSS
Exploits0References1
Prion
Prionadded 2022/12/22 8:15 p.m.15 views

Code injection

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

6.8CVSS8.2AI score0.00523EPSS
Exploits0References4Affected Software3
CVE
CVEadded 2022/12/22 12:0 a.m.450 views

CVE-2022-34468

CVE-2022-34468: An iframe that is not allowed to run scripts could execute scripts when a user clicked a javascript: link. Affected: Firefox <102, Firefox ESR <91.11, Thunderbird <102, Thunderbird

8.8CVSS8.5AI score0.00523EPSS
Exploits0References4Affected Software3
Cvelist
Cvelistadded 2022/12/22 12:0 a.m.14 views

CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.7AI score0.00523EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2022/09/01 1:15 p.m.1 views

CVE-2022-38790

Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting XSS bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluste...

5.4CVSS5.7AI score0.00322EPSS
Exploits1References5
Prion
Prionadded 2022/07/25 2:15 p.m.15 views

Code injection

This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link...

5.8CVSS6.3AI score0.00234EPSS
Exploits1References1
Cvelist
Cvelistadded 2022/07/25 2:5 p.m.10 views

CVE-2020-28459 Cross-site Scripting (XSS)

This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link...

7.3CVSS7.2AI score0.00234EPSS
Exploits1References1
OSV
OSVadded 2022/07/05 12:0 a.m.0 views

UBUNTU-CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS7.3AI score0.00523EPSS
Exploits0References5
RedHat Linux
RedHat Linuxadded 2022/07/01 2:2 a.m.2 views

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

8.8CVSS7.3AI score0.00523EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2022/07/01 1:31 a.m.2 views

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

8.8CVSS7.3AI score0.00523EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2022/07/01 12:27 a.m.1 views

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

8.8CVSS7.3AI score0.00523EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2022/06/30 11:27 p.m.2 views

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

8.8CVSS7.3AI score0.00523EPSS
Exploits0References6
RedHat Linux
RedHat Linuxadded 2022/06/30 11:21 p.m.3 views

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

8.8CVSS7.3AI score0.00523EPSS
Exploits0References6
Rows per page
Query Builder