6 matches found
EUVD-2023-55067
Malicious code in bioql PyPI...
CVE-2021-24817
The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...
DEBIAN-CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling a <use> tag that references an <image> tag, it merges the attributes from the <use> tag to the <image> tag. The problem pops up especially when the href attribute from the <use> tag has not been sanitized. This can lead to an unsafe file...
PT-2022-14910 · Npm · @Acrontum/Filesystem-Template
Name of the Vulnerable Software and Affected Versions: @acrontum/filesystem-template versions prior to 0.0.2 Description: The issue is related to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. This allows for potential command...
CVE-2021-24817
The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks...
Cross-Site Scripting in @ckeditor/ckeditor5-link
Versions of status-board prior to 10.0.1 are vulnerable to Cross-Site Scripting. The createPreviewButton function fails to sanitize the href attribute of a created tag. This may allow attackers to execute arbitrary JavaScript in a victim's browser. Recommendation Upgrade to version 10.0.1 or late...