Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. PoC 1- Create a resource and choose "External Link" 2- Type the following...

GHSA-GP7F-RWCX-9369 jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled

jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow cross-site scripting XSS attacks when a reader subsequently clicks that link. If the non-default SafeList.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted wi...

DEBIAN-CVE-2022-36033

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting XSS safety. jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS because the module of parse markdown does not filter the href attribute very well. PoC 1 Step 1: load the HyperDownParser module: php $parser = new HyperDownParser; 2 Step 2: add the payload: php $text = "!";...

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

Mozilla: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI

The Mozilla Foundation Security Advisory describes this flaw as: An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link...

PT-2022-21194 · Microsoft +1 · Internet Explorer +1

Name of the Vulnerable Software and Affected Versions: Real Player version 20.0.8.310 Description: The G2 Control in Real Player allows injection of unsafe javascript: URIs in local HTTP error pages, which are displayed by the Internet Explorer core. This leads to arbitrary code execution...

GHSA-3VJF-82FF-P4R3 Incorrect protocol extraction via \r, \n and \t characters

\r, \n and \t characters in user-input URLs can potentially lead to incorrect protocol extraction when using npm package urijs prior to version 1.19.11. This can lead to XSS when the module is used to prevent passing in malicious javascript: links into HTML or Javascript see following example:...

CVE-2022-21158

A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link with javascript: scheme inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext...

MarkText 跨站脚本漏洞

MarkText is a simple and elegant Markdown editor with a focus on speed and usability.A cross-site scripting vulnerability exists in versions of MarkText prior to 0.17.0, which stems from improper handling of links using javascript:scheme in documents. A remote attacker could exploit this...

UBUNTU-CVE-2021-45472

In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme among others can be used...

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping allowing a remote attacker to conduct XSS attacks as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.

...

Cross-site Scripting (XSS)

Overview markdown-it-decorate is an Add classes, identifiers and attributes to your markdown with HTML comments Affected versions of this package are vulnerable to Cross-site Scripting XSS. An attacker can add an event handler or use javascript:xxx for the link. PoC const md = require'markdown-it...

PT-2019-11770 · Jenkins · Jenkins Pegdown Formatter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins PegDown Formatter Plugin versions 1.3 and earlier Description: A stored cross-site scripting issue allows attackers who can edit descriptions and other fields to insert links with the javascript: scheme into the Jenkins UI. The PegDow...

PYSEC-2019-79

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

PYSEC-2019-9

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...

CVE-2019-11813

CVE-2019-11813 applies to MISP before 2.4.107, affecting the view component app/View/Elements/Events/View/value_field.ctp. The issue is a persistent XSS via link type attributes using javascript:// links, enabling potentially scripted payloads in affected installations. Root cause is improper han...

DEBIAN-CVE-2018-19787

An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to...

CVE-2018-5176

The JSON Viewer displays clickable hyperlinks for strings that are parseable as URLs, including "javascript:" links. If a JSON file contains malicious JavaScript script embedded as "javascript:" links, users may be tricked into clicking and running this code in the context of the JSON Viewer. Thi...

UBUNTU-CVE-2018-5167

The web console and JavaScript debugger do not sanitize all output that can be hyperlinked. Both will display "chrome:" links as active, clickable hyperlinks in their output. Web sites should not be able to directly link to internal chrome pages. Additionally, the JavaScript debugger will display...