Lucene search
K

5 matches found

CNNVD
CNNVD
added 2025/11/19 12:0 a.m.4 views

Astro 跨站脚本漏洞

Astro is an Astro open source web framework for content-driven websites. A cross-site scripting vulnerability exists in Astro versions prior to 5.15.9, which stems from an image optimization endpoint that unconditionally allows data protocol URLs, potentially leading to cross-site scripting attac...

6.1CVSS5.8AI score0.00223EPSS
Exploits1References3
Hacker One
Hacker One
added 2018/09/19 3:54 a.m.21 views

Valve: code injection, steam chat client

The steam chat client allows oEmbed, apparently based on a whitelist. One of the whitelisted oEmbedis codepen. When a codepen is created, it can be sent as a link to another steam user, and the code inside the codepen will execute within the privileged Steam Chat context. You can send these codep...

8.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/02/17 12:0 a.m.32 views

Fedora 19 : icedtea-web-1.4.2-0.fc19 (2014-2071)

New in release 1.4.2 2014-02-05 : - Dialogs center on screen before becoming visible - Support for u45 new manifest attributes Application-Name - Custom applet permission policies panel in itweb-settings control panel - Plugin - PR1271: icedtea-web does not handle 'javascript:'-protocol URLs -...

5.6AI score
Exploits0References1
Prion
Prion
added 2007/06/12 8:30 p.m.19 views

Information disclosure

A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain...

4.3CVSS6.3AI score0.2504EPSS
Exploits1References14Affected Software1
OSV
OSV
added 2004/08/06 4:0 a.m.2 views

DEBIAN-CVE-2004-0413

libsvnrasvn in Subversion 1.0.4 trusts the length field of 1 svn://, 2 svn+ssh://, and 3 other svn protocol URL strings, which allows remote attackers to cause a denial of service memory consumption and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer...

10CVSS8.3AI score0.05877EPSS
Exploits0References1
Rows per page
Query Builder