Cross-site Scripting (XSS)

Overview io.jenkins.plugins:coverage is a Collects reports of code coverage or mutation coverage tools and visualizes the results. It has support for the following report formats: JaCoCo, Cobertura, and PIT. Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper...

Jenkins Coverage Plugin has a stored cross-site scripting (XSS) vulnerability

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVE-2025-67641

Jenkins Coverage Plugin 2.3054.ve1ff7baa123b and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a javascript: scheme URL as identifier ...

CVE-2025-62716 Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter

Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?nextpath query parameter allows attackers to supply arbitrary schemes e.g., javascript: that are passed directly to router.push. This results in a cross-site scripting XSS vulnerabilit...

EUVD-2006-0110

Malware in sbrugna...

EUVD-2024-53126

Malicious code in bioql PyPI...

EUVD-2024-53128

Malicious code in bioql PyPI...

EUVD-2025-19934

Malicious code in bioql PyPI...

EUVD-2022-26403

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2017-5118

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, failed to correctly propagate CSP restrictions to...

RHEL 8 : thunderbird (RHSA-2025:13650)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:13650 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Large branch table could lead to...

firefox: thunderbird: javascript: URLs executed on object and embed tags

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...

firefox: thunderbird: javascript: URLs executed on object and embed tags

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...

firefox: thunderbird: javascript: URLs executed on object and embed tags

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...

CVE-2025-8029

Thunderbird executed javascript: URLs when used in object and embed tags. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-53599

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme...

CVE-2025-53599

Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme...

Naver Whale browser for iOS 安全漏洞

Naver Whale browser for iOS is a browser from the South Korean company Naver. A security vulnerability exists in Naver Whale browser for iOS prior to version 3.9.1.4206, which originates from a specially crafted JavaScript scheme that could lead to the execution of malicious scripts...

PT-2025-27863 · Unknown · Whale Browser

Name of the Vulnerable Software and Affected Versions: Whale browser for iOS versions prior to 3.9.1.4206 Description: The issue allows an attacker to execute malicious scripts in the browser via a crafted JavaScript scheme. This can be achieved by manipulating a specific JavaScript scheme...

firefox: thunderbird: Process isolation bypass using "javascript:" URI links in cross-origin frames

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A process isolation vulnerability in Firefox stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended...