CVE-2026-56698

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs through the open parameter to execute arbitrary scripts in the application's origin when...

Cross-Site Scripting (XSS)

backstage is vulnerable to Cross-Site Scripting XSS. The vulnerability exists due to not sanitizing catalog content which allows an attacker to inject script urls in the entities stored in the catalog, which results in XSS when a user clicks on the entry...

DaloRadius - Multiple Vulnerabilities

No description provided by source. ------------------------------------------------------------------------- Software : DaloRadius SQLi / CSRF / XSS Author : Saadat Ullah , [email protected] Author home : http://security-geeks.blogspot.com Date : 15/3/13 Vendors : http://www.daloradius.co...

CVE-2003-0816

Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by 1 using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, 2 using the window.open method to load a file: URL containing Javascript, as demonstrated using...