38 matches found

Snyk
added 2026/05/05 9:50 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: ip-address is a library for parsing IPv4 and IPv6 IP addresses in node and the browser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the group, link, and spanAll functions, as well as the parseMessage field of thrown errors. An attacker can execute...

6.1 CVSS | 5.8 AI score | 0.00012 EPSS
Exploits: 1 | References: 2

Veracode
added 2025/11/05 4:55 a.m. | 3 views

Cross Site Scripting (XSS)

@meshconnect/web-link-sdk is vulnerable to cross-site scripting (XSS). The vulnerability is due to the lack of sanitization of URL protocols in the createLink.openLink function, which allows an attacker to execute arbitrary JavaScript code in the parent page context and access its DOM, storage,...

8.2 CVSS | 6.5 AI score | 0.00054 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/10/07 10:15 p.m. | 2 views

CVE-2025-11413

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used...

5.5 CVSS | 6.5 AI score
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-2752

Malware in sbrugna...

7.5 CVSS | 6.2 AI score | 0.08021 EPSS
Exploits: 2 | References: 8

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-53621

Malicious code in bioql PyPI...

7.5 CVSS | 6.6 AI score | 0.00397 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/09/24 7:34 p.m. | 2 views

CVE-2025-59430

Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...

8.2 CVSS | 7 AI score | 0.00054 EPSS
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in link-function-info-tree-sandbox (npm)

The package link-function-info-tree-sandbox was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 views

MAL-2025-25394 Malicious code in link-function-info-tree-sandbox (npm)

The package link-function-info-tree-sandbox was found to contain malicious code...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/05/23 10:19 a.m. | 5 views

CVE-2024-30886

A stored cross-site scripting (XSS) vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter...

5.4 CVSS | 5.6 AI score | 0.00085 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 3:34 a.m. | 3 views

CVE-2023-42371

Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component...

5.4 CVSS | 7.2 AI score | 0.00375 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/04/17 12:0 a.m. | 6 views

CVE-2025-29449

An issue in twonav v.2.1.18-20241105 allows a remote attacker to obtain sensitive information via the link identification function...

6.7 AI score | 0.00844 EPSS
Exploits: 1 | References: 1

OSV
added 2025/01/27 11:15 p.m. | 0 views

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2

NVD
added 2025/01/27 11:15 p.m. | 16 views

CVE-2024-57546

An issue in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the validate link function...

7.5 CVSS | 0.00397 EPSS
Exploits: 1 | References: 2

CVE
added 2025/01/27 12:0 a.m. | 52 views

CVE-2024-57546

CMSimple v5.16 is affected by a vulnerability in the validate link function that can allow a remote attacker to obtain sensitive information and may enable SSRF. The issue stems from insufficient protection of internal data in the link validation path. Recommended temporary mitigation: disable th...

7.5 CVSS | 6.4 AI score | 0.00397 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Snyk
added 2024/11/04 9:39 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to unsanitized attribute values by the link Twig function. PoC php Dangerous user supplied variable % set payload = 'alertxss' % Here, Twig escapes it payload Here it is not escaped linkpayload,...

3.1 CVSS | 5.2 AI score
Exploits: 0 | References: 2

OSV
added 2024/03/26 6:15 p.m. | 1 views

DEBIAN-CVE-2024-26647

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check. Fixes t...

5.5 CVSS | 5.2 AI score | 0.00018 EPSS
Exploits: 0 | References: 1

Amazon
added 2024/02/05 12:0 a.m. | 51 views

Important: php73

Issue Overview: A flaw was discovered in the link function in PHP. When compiled on Windows, it does not correctly handle paths containing NULL bytes. An attacker could abuse this flaw to bypass application checks on file paths. CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.1...

9.8 CVSS | 8.1 AI score | 0.41483 EPSS
Exploits: 6

NVD
added 2023/09/18 3:15 p.m. | 13 views

CVE-2023-42371

Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component...

5.4 CVSS | 5.7 AI score | 0.00375 EPSS
Exploits: 1 | References: 2

Prion
added 2023/09/18 3:15 p.m. | 22 views

Cross site scripting

Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component...

4.9 CVSS | 5.7 AI score | 0.00375 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/09/18 12:0 a.m. | 14 views

CVE-2023-42371

Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component...

7.2 AI score | 0.00375 EPSS
Exploits: 1 | References: 2