Mozilla Focus for iOS Spoofing Vulnerability (CNVD-2024-40517)

Mozilla Focus is a browser for iOS devices from the Mozilla Foundation. Mozilla Focus for iOS is vulnerable to a spoofing vulnerability caused by an error related to the use of Javascript links. An attacker can exploit this vulnerability to spoof URL addresses in the Focus navigation bar...

CVE-2024-8399

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS 130...

CVE-2024-8399

Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar This vulnerability affects Focus for iOS 130...

Mozilla Focus 安全漏洞

Mozilla Focus is a browser for iOS devices from the Mozilla Foundation. Mozilla Focus for iOS is vulnerable to a spoofing vulnerability caused by an error related to the use of Javascript links. An attacker can exploit this vulnerability to spoof URL addresses in the Focus navigation bar...

PT-2024-5147 · Red Hat · Keycloak

Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs ACS,...

DEBIAN-CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

UBUNTU-CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

CVE-2024-28246

KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's trust option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow fo...

Cross-Site Scripting(XSS)

Liferay Portal and Liferay DXP are vulnerable to Cross-Site Scripting XSS. The vulnerability is due to insufficient sanitization in the HtmlUtil.escapeJsLink method, This flaws allowing remote attackers to inject arbitrary web script or HTML via crafted javascript: style links...

PT-2024-18134 · Mozilla +1 · Firefox +1

Name of the Vulnerable Software and Affected Versions: Focus for iOS versions prior to 122 Description: An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...

CVE-2024-25147

Cross-site scripting XSS vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML v...

Medium: jsoup

Issue Overview: jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

CVE-2023-37251

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs...

MediaWiki 跨站脚本漏洞

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.39.3, which stems from an issue found in...

Plate 跨站脚本漏洞

Plate is an open source plugin system for Udecode that makes it easier to build full-featured editors. Plate suffers from a cross-site scripting vulnerability that stems from the link plugin and link UI component not cleaning up URLs to prevent the use of the javascript: header...

SUSE CVE-2004-0905

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain...

SUSE CVE-2011-0681

The Cascading Style Sheets CSS Extensions for XML implementation in Opera before 11.01 recognizes links to javascript: URLs in the -o-link property, which makes it easier for remote attackers to bypass CSS filtering via a crafted URL...

SUSE CVE-2012-4203

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark...

SUSE CVE-2018-5167

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...

SUSE CVE-2018-5176

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...