280 matches found
EUVD-2016-6177
Malware in sbrugna...
EUVD-2024-0628
Malicious code in bioql PyPI...
GHSA-VH3F-QPPR-J97F Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Summary The lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
firefox: thunderbird: javascript: URLs executed on object and embed tags
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...
FreeBSD : Mozilla -- 'javascript:' URLs execution (419bcf99-685e-11f0-a12d-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 419bcf99-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: Thunderbird executed javascript: URLs when used in object and embed tags...
Mozilla Firefox ESR < 128.13
The version of Firefox ESR installed on the remote Windows host is prior to 128.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-58 advisory. - Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140....
CVE-2022-29532
An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it...
CVE-2013-1244
Cross-site scripting XSS vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199...
CVE-2020-36844
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...
CVE-2020-36844
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...
CVE-2020-36844
KnowBe4 Security Awareness Training is affected by CVE-2020-36844, a reflected XSS in versions before 2020-01-10. The vulnerability arises from a response SCRIPT element that sets window.location.href to a JavaScript URL, enabling an attacker-controlled script reflected in the page. The CVSS base...
CVE-2020-36844
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...
Trix allows Cross-site Scripting via `javascript:` url in a link
The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field. Impact An attacker could trick the user to copy&paste a malicious javascript: URL as a link that would execute arbitrary JavaScript code within the context of the user's session,...
GHSA-J386-3444-QGWG Trix allows Cross-site Scripting via `javascript:` url in a link
The Trix editor, versions prior to 2.1.11, is vulnerable to XSS when pasting malicious code in the link field. Impact An attacker could trick the user to copy&paste a malicious javascript: URL as a link that would execute arbitrary JavaScript code within the context of the user's session,...
CVE-2025-21610 Trix allows Cross-site Scripting via `javascript:` url in a link
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a malicious javascript: URL as a link that would execute...
CVE-2025-21610 Trix allows Cross-site Scripting via `javascript:` url in a link
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a malicious javascript: URL as a link that would execute...
PT-2025-4298 · Trix · Trix
Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.12 Description: Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. The issue arises when pasting malicious code in the link field, allowing an attacker to trick the user into copyin...
jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled
A flaw was found in jsoup, a Java HTML parser built for HTML editing, cleaning, scraping, and Cross-site scripting XSS safety. An issue in jsoup may incorrectly sanitize HTML, including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the...
Mozilla Firefox for iOS Security Bypass Vulnerability (CNVD-2024-25613)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security bypass vulnerability exists in Mozilla Firefox for iOS due to a Javascript URL being loaded when dragging to the address bar. An attacker can exploit the vulnerability to bypass restrictions...