18 matches found
CVE-2021-31712
react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...
EUVD-2022-7679
Malicious code in bioql PyPI...
EUVD-2025-25698
Malicious code in bioql PyPI...
CVE-2025-7957
The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_link_target’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-7957
The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_link_target’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-7957 ShortcodeHub <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via author_link_target Parameter
The ShortcodeHub plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_link_target’ parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-leve...
CVE-2025-7957
The CVE-2025-7957 entry concerns the WordPress ShortcodeHub plugin (MultiPurpose Shortcode Builder). It is a Stored Cross-Site Scripting (XSS) vulnerability via the author_link_target parameter in all versions up to 1.7.1, allowing authenticated attackers with Contributor+ privileges to inject sc...
CVE-2024-3923
The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the linktarget parameter in all versions up to, and including, 2.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2021-21660
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter...
Oracle Linux 9 : libreoffice (ELSA-2024-3835)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3835 advisory. - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols - Resolves: rhbz2210193 CVE-2023-0950 Array Index...
libreoffice security fix update
6.4.7.2-16.0.1 - Replace colors with Oracle colors Orabug: 32120093 - Build with --with-vendor='Oracle America, Inc.' - Added the --with-hamcrest option to configure. 1:6.4.7.2-16 - Fix CVE-2023-6185 escape url passed to gstreamer - Fix CVE-2023-6186 check link target protocols...
GHSA-M688-CX2P-RGQ9 Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...
CVE-2018-25058
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible ...
PT-2022-8068 · Unknown · Twitter-Post-Fetcher
Name of the Vulnerable Software and Affected Versions: Twitter-Post-Fetcher versions up to 17.x Description: A vulnerability has been found in Twitter-Post-Fetcher, affecting an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to the use o...
CloudBees Jenkins Markdown Formatter Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. The product is mainly used to monitor continuous software release and testing projects and to run scheduled tasks. A cross-site scripting...
GHSA-QCG2-H349-VWM3 Cross-site Scripting in React Draft Wysiwyg
react-draft-wysiwyg aka React Draft Wysiwyg before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS...
Stack overflow
Stack-based buffer overflow in chrome/common/gfx/urlelider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target href attribute with a large number of path elements, which triggers the overflow wh...
CVE-2008-6998
Stack-based buffer overflow in chrome/common/gfx/urlelider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target href attribute with a large number of path elements, which triggers the overflow wh...