37 matches found
CVE-2019-25571 MediaMonkey 4.1.23 Denial of Service via Malformed URL
MediaMonkey 4.1.23 contains a denial of service vulnerability that allows local attackers to crash the application by opening a specially crafted MP3 file containing an excessively long URL string. Attackers can create a malicious MP3 file with a buffer containing 4000 bytes of data appended to a...
Cross Site Scripting (XSS)
@meshconnect/web-link-sdk is vulnerable to cross-site scripting XSS. The vulnerability is due to the lack of sanitization of URL protocols in the createLink.openLink function, which allows an attacker to execute arbitrary JavaScript code in the parent page context and access its DOM, storage,...
CVE-2025-48980
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...
Brave Browser Desktop 安全漏洞
Brave Browser Desktop is a desktop browser from Brave USA. A security vulnerability exists in Brave Browser Desktop versions prior to 1.83.10, which stems from a failure to follow the SameSite cookie attribute for the Open Link in Split View context menu item when the Split View feature is enable...
CVE-2025-48980
In Brave Browser Desktop versions prior to 1.83.10 that have the split view feature enabled, the "Open Link in Split View" context menu item did not respect the SameSite cookie attribute. Therefore SameSite=Strict cookies would be sent on a cross-site navigation using this method...
PT-2025-44560
Name of the Vulnerable Software and Affected Versions Brave Browser versions prior to 1.83.10 Description The "Open Link in Split View" context menu item in Brave Browser Desktop did not correctly handle the SameSite cookie attribute when the split view feature was enabled. Specifically,...
EUVD-2009-2832
Malware in sbrugna...
CVE-2025-59430
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2025-59430
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2025-59430
Mesh Connect JS SDK contains a cross-site scripting (XSS) vulnerability in the web-link component. Prior to version 3.3.2, createLink.openLink does not sanitize the URL protocol, allowing an attacker-controlled base64-encoded payload to set an iframe src that executes arbitrary JavaScript in the ...
CVE-2025-59430 Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2025-59430 Mesh Connect JS SDK Vulnerable to Cross Site Scripting via createLink.openLink
Mesh Connect JS SDK contains JS libraries for integrating with Mesh Connect. Prior to version 3.3.2, the lack of sanitization of URLs protocols in the createLink.openLink function enables the execution of arbitrary JavaScript code within the context of the parent page. This is technically...
CVE-2024-45400 CKEditor Open Link plugin vulnerable to Cross-site Scripting
ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix...
CVE-2024-45400 CKEditor Open Link plugin vulnerable to Cross-site Scripting
ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix...
CKEditor 跨站脚本漏洞
CKEditor is an open source, web-based text editor from the individual developer Marek Lewandowski. A cross-site scripting vulnerability exists in CKEditor Open Link versions prior to 1.0.7, which originates from allowing users to execute JavaScript code by abusing the link href attribute...
PT-2024-31604 · Ckeditor · Ckeditor Open Link Plugin
Name of the Vulnerable Software and Affected Versions: ckeditor-plugin-openlink versions prior to 1.0.7 Description: A vulnerability in the ckeditor-plugin-openlink plugin for the CKEditor JavaScript text editor allowed a user to execute JavaScript code by abusing the link href attribute. This...
CVE-2024-37888
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...
CVE-2024-37888
The CVE-2024-37888 issue affects the Open Link CKEditor plugin, impacting users of versions prior to 1.0.5. The vulnerability is a cross-site scripting (XSS) flaw that enables JavaScript execution via abuse of the link href attribute in the plugin’s open link functionality. Remediation per source...
CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...
CVE-2024-37888 The Open Link CKEditor plugin has a cross-site scripting (XSS) vulnerability in open link functionality
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version 1.0.5...