CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Summary The lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. Details...

8.2CVSS7.3AI score0.00438EPSS

Exploits0References6

RedHat Linux•added 2025/08/11 5:33 p.m.•2 views

firefox: thunderbird: javascript: URLs executed on object and embed tags

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...

8.1CVSS7.3AI score0.00293EPSS

Exploits0References6

RedHat Linux•added 2025/08/11 5:31 p.m.•4 views

firefox: thunderbird: javascript: URLs executed on object and embed tags

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Firefox executed javascript: URLs when used in object and embed tags...

8.1CVSS7.3AI score0.00293EPSS

Exploits0References6

Tenable Nessus•added 2025/07/28 12:0 a.m.•2 views

FreeBSD : Mozilla -- 'javascript:' URLs execution (419bcf99-685e-11f0-a12d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 419bcf99-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: Thunderbird executed javascript: URLs when used in object and embed tags...

8.1CVSS8.2AI score0.00293EPSS

Exploits0References3

Tenable Nessus•added 2025/07/22 12:0 a.m.•2 views

Mozilla Firefox ESR < 128.13

The version of Firefox ESR installed on the remote Windows host is prior to 128.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-58 advisory. - Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140....

9.8CVSS8.5AI score0.00452EPSS

Exploits0References10

RedhatCVE•added 2025/05/22 10:46 p.m.•4 views

CVE-2022-29532

An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it...

4.8CVSS6AI score0.00798EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 3:13 a.m.•6 views

CVE-2013-1244

Cross-site scripting XSS vulnerability in the portal module in Cisco WebEx Social allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL in the link field in a post, aka Bug ID CSCue67199...

3.5CVSS5.5AI score0.00767EPSS

Exploits0References1

RedhatCVE•added 2025/04/25 9:19 p.m.•8 views

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

6.1CVSS6.8AI score0.00229EPSS

Exploits1

OSV•added 2025/04/20 10:15 p.m.•1 views

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

6.1CVSS5.8AI score0.00229EPSS

Exploits1References1

Vulnrichment•added 2025/04/20 12:0 a.m.•6 views

CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

6.1CVSS6.8AI score0.00229EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by