Lucene search
288 matches found

Tenable Nessus
added 2021/02/22 12:0 a.m. | 29 views

EulerOS 2.0 SP2 : python-lxml (EulerOS-SA-2021-1352)

According to the versions of the python-lxml package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scriptin...

CVSS 6.1 | AI score 6.5 | EPSS 0.06333
Exploits: 2 | References: 3

CNVD
added 2021/02/04 12:0 a.m. | 7 views

Nextcloud Server Cross-Site Scripting Vulnerability (CNVD-2021-09293)

Nextcloud is a set of client-server software for creating file hosting services and using them. Nextcloud Server is the server software. A cross-site scripting vulnerability exists in versions prior to Nextcloud Server 20.0.2, 19.0.5, and 18.0.11. The vulnerability stems from a lack of link...

CVSS 5.4 | AI score 5.9 | EPSS 0.00901
Exploits: 0 | References: 1

Nextcloud
added 2020/11/18 12:0 a.m. | 43 views

Stored XSS in markdown file with Nextcloud Talk using Internet Explorer (NC-SA-2021-002)

Missing link validation in Nextcloud Server 20.0.1 allowed a stored XSS attack against Internet Explorer users by saving a javascript: URL in a Markdown...

CVSS 3.5 | AI score 3.3 | EPSS 0.00901
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2020/04/29 12:39 p.m. | 25 views

CVE-2020-6808

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to...

CVSS 6.5 | AI score 0.3 | EPSS 0.01039
Exploits: 0 | References: 4

NVD
added 2020/03/25 10:15 p.m. | 11 views

CVE-2020-6808

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to...

CVSS 6.5 | AI score 7 | EPSS 0.01039
Exploits: 0 | References: 2

CVE
added 2020/03/25 9:13 p.m. | 188 views

CVE-2020-6808

CVE-2020-6808 affects Mozilla Firefox prior to version 74, where evaluating a javascript: URL that returns a string leads to a parsed HTML document whose origin URL was incorrectly reported as the originating javascript: URL. This could enable spoofing, since the document.location could display t...

CVSS 6.5 | AI score 6.8 | EPSS 0.01039
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2020/03/25 9:13 p.m. | 18 views

CVE-2020-6808

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to...

AI score 7 | EPSS 0.01039
Exploits: 0 | References: 2

Debian CVE
added 2020/03/25 9:13 p.m. | 24 views

CVE-2020-6808

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to...

CVSS 6.5 | AI score 7.9 | EPSS 0.01039
Exploits: 0

AlpineLinux
added 2020/03/25 9:13 p.m. | 36 views

CVE-2020-6808

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to...

CVSS 6.5 | AI score 7.2 | EPSS 0.01039
Exploits: 0

UbuntuCve
added 2020/03/11 12:0 a.m. | 23 views

CVE-2020-6808

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to...

CVSS 6.5 | AI score 6.9 | EPSS 0.01039
Exploits: 0 | References: 3

OSV
added 2020/03/11 12:0 a.m. | 0 views

UBUNTU-CVE-2020-6808

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to...

CVSS 6.5 | AI score 6.9 | EPSS 0.01039
Exploits: 0 | References: 4

RedHat Linux
added 2019/12/10 11:53 a.m. | 3 views

golang: malformed hosts in URLs leads to authorization bypass

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

CVSS 9.8 | AI score 7.4 | EPSS 0.08359
Exploits: 1 | References: 6

UbuntuCve
added 2019/08/13 9:15 p.m. | 36 views

CVE-2019-14809

net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an authorization bypass in some applications. This is related to a Host field with a suffix appearing in neither Hostname nor Port, and is related to a non-numeric port number. For example, an...

CVSS 9.8 | AI score 7.1 | EPSS 0.08359
Exploits: 1 | References: 6

NVD
added 2019/07/18 3:15 p.m. | 17 views

CVE-2019-13607

The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL...

CVSS 6.1 | AI score 6 | EPSS 0.00848
Exploits: 1 | References: 1

Prion
added 2019/07/18 3:15 p.m. | 22 views

Design/Logic Flaw

The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL...

CVSS 4.3 | AI score 6 | EPSS 0.00848
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2019/07/18 2:42 p.m. | 24 views

CVE-2019-13607

The Opera Mini application through 16.0.14 for iOS has a UXSS vulnerability that can be triggered by performing navigation to a javascript: URL...

AI score 6 | EPSS 0.00848
Exploits: 1 | References: 1

myhack58
added 2019/07/18 12:0 a.m. | 198 views

How I found an XSS vulnerability in the Microsoft Outlook for Android mobile application

Today's write-up is about a stored XSS vulnerability in Outlook for Android. The author discovered it by chance through a technical email sent by a friend; after months of work on reproducing it, Microsoft eventually acknowledged the vulnerability as CVE-2019-1105. Vulnerability...

AI score 5.5 | EPSS 0.01817
Exploits: 0

PyPA
added 2018/12/02 10:29 a.m. | 4 views

PYSEC-2018-12

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to...

CVSS 6.1 | AI score 6.5 | EPSS 0.06333
Exploits: 2 | References: 6 | Affected Software: 1

OSV
added 2018/12/02 12:0 a.m. | 1 views

UBUNTU-CVE-2018-19787

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to...

CVSS 6.1 | AI score 6.7 | EPSS 0.02438
Exploits: 1 | References: 4

OSV
added 2018/10/18 5:22 p.m. | 1 views

GHSA-Q44V-XC3G-V7JQ OWASP AntiSamy Cross-site Scripting vulnerability

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...

CVSS 6.1 | AI score 6.9 | EPSS 0.01664
Exploits: 0 | References: 11