
116 matches found

Cvelist
added 2017/10/04 1:0 a.m. | 21 views

CVE-2017-1000088

The Sidebar Link plugin allows users able to configure jobs, views, and agents to add entries to the sidebar of these objects. There was no input validation, which meant users were able to use javascript: schemes for these links...

AI score: 5.5 | EPSS: 0.00705
Exploits: 0 | References: 1
CVE
added 2017/10/04 1:0 a.m. | 42 views

CVE-2017-1000088

The CVE concerns Jenkins Sidebar Link Plugin. The root cause is lack of input validation for sidebar entries configured by users, enabling javascript: schemes to be used in links. This leads to cross-site scripting (XSS) in affected Jenkins objects. Connected advisories (GHSA and CNVD variants) c...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00705
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2017/09/25 12:0 a.m. | 2 views

WordPress link modal cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the link modal in WordPress versions prior to 4.8.2. A remote...

CVSS: 6.1 | AI score: 6.8 | EPSS: 0.02136
Exploits: 0 | References: 1
CNVD
added 2016/04/28 12:0 a.m. | 3 views

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2016-02671)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. The chrome.tabs.update API in Mozilla Firefox's Web Extension allows the program to navigate to javascript: URLs when the user does not have additional privileges, allowing remote attackers to...

CVSS: 5.4 | AI score: 8.6 | EPSS: 0.01252
Exploits: 0 | References: 1
RedHat Linux
added 2013/11/14 5:25 p.m. | 1 views

python-django: xss in is_safe_url function

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, a...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.02297
Exploits: 0 | References: 4
OSV
added 2013/10/04 5:55 p.m. | 34 views

PYSEC-2013-21

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, a...

CVSS: 4.3 | AI score: 0.6 | EPSS: 0.02297
Exploits: 0 | References: 14
PyPA
added 2013/10/04 5:55 p.m. | 6 views

PYSEC-2013-21

The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, a...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.02297
Exploits: 0 | References: 14 | Affected Software: 1
RedHat Linux
added 2012/07/17 7:21 p.m. | 8 views

Mozilla: Code execution through javascript: URLs (MFSA 2012-56)

Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper...

CVSS: 10 | AI score: 7.7 | EPSS: 0.0392
Exploits: 0 | References: 4
OSV
added 2011/04/11 6:55 p.m. | 1 views

DEBIAN-CVE-2011-1158

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02326
Exploits: 0 | References: 1
PyPA
added 2011/04/11 6:55 p.m. | 5 views

PYSEC-2011-21

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

CVSS: 4.3 | AI score: 6 | EPSS: 0.02326
Exploits: 0 | References: 12 | Affected Software: 1
RedHat Linux
added 2007/03/14 5:2 a.m. | 2 views

security flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.03209
Exploits: 1 | References: 4
RedHat Linux
added 2006/12/19 10:20 p.m. | 7 views

security flaw

Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI...

CVSS: 6.8 | AI score: 5.7 | EPSS: 0.03971
Exploits: 0 | References: 4
Prion
added 2006/01/06 11:3 a.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "a" bbcode tag, possibly the txt parameter to action.php...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.01396
Exploits: 1 | References: 7 | Affected Software: 1
NVD
added 2006/01/06 11:3 a.m. | 13 views

CVE-2006-0102

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "a" bbcode tag, possibly the txt parameter to action.php...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01396
Exploits: 1 | References: 7
RedHat Linux
added 2005/04/21 9:11 a.m. | 4 views

security flaw

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a tag with a javascript: URL in the href attribute, aka "Firelinking."...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.08283
Exploits: 1 | References: 4
RedHat Linux
added 2005/04/21 9:11 a.m. | 3 views

security flaw

The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote attackers to execute arbitrary code via a javascript: URL in the PLUGINSPAGE attribute of an EMBED tag...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.04106
Exploits: 0 | References: 4