EUVD-2017-18965

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without...

CVE-2017-20239

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without...

CVE-2017-20239

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without...

CVE-2017-20239 MDwiki Cross-Site Scripting via Location Hash Parameter

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without...

CVE-2017-20239 MDwiki Cross-Site Scripting via Location Hash Parameter

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without...

PT-2026-32176

MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with JavaScript payloads in the hash fragment that are parsed and rendered without...

Dynalon MDwiki 跨站脚本漏洞

Dynalon MDwiki is a lightweight Wiki system built using Markdown for content display and document management, open source in Dynalon. Dynalon MDwiki has a cross-site scripting vulnerability, which stems from insufficient cleanup of malicious code injected through the location hash parameter. This...

EUVD-2009-2942

Malware in sbrugna...

EUVD-2022-2521

Malicious code in bioql PyPI...

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

...

SUSE CVE-2008-5715

Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service application crash via JavaScript code with a long string value for the hash property aka location.hash. NOTE: it was later reported that earlier versions are also affected, and that the impact is CPU...

SUSE CVE-2009-2953

Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service CPU consumption via JavaScript code with a long string value for the hash property aka location.hash, a related issue to CVE-2008-5715...

SUSE CVE-2011-4969

Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

SUSE CVE-2012-3992

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive POST content via...

GHSA-579V-MP3V-RRW5 jQuery vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

Cross-Site Scripting (XSS)

sharrre is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via location hash to steal session tokens or perform unwanted actions on behalf of the user...

Slack: XSS vulnerable parameter in a location hash

Hi! There is a vulnerability on your pages, using convertro. Vulnerable parameter from location hash cvosid1, used in your live.js to call convertro code without sanitizing. On the convertro side it is sanitized, but with help of this parameter you could push another parameter typ, that leads to...

CVE-2014-1403

Cross-site scripting XSS vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value...

AZL-44421 CVE-2011-4969 affecting package python-genshi 0.7.9-1

Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

USN-1722-1: jQuery vulnerability

It was discovered that jQuery incorrectly handled selecting elements using location.hash, resulting in a possible cross-site scripting XSS issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify...