19 matches found
CVE-2024-8239
The Starbox WordPress plugin before 3.5.3 does not properly render social media profile URLs in certain contexts, such as the malicious user's profile or pages where the starbox shortcode is used, which may be abused by users with at least the contributor role to conduct Stored XSS attacks...
CVE-2023-30792
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources...
Reflected XSS vulnerability in Jenkins markup formatter preview
Jenkins allows administrators to choose the markup formatter to use for descriptions of jobs, builds, views, etc. displayed in Jenkins. When editing such a description, users can choose to have Jenkins render a formatted preview of the description they entered. Jenkins 2.274 and earlier, LTS...
jenkins: Reflected XSS vulnerability in markup formatter preview
A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability is possible because URL rendering in the formatted preview of markup passed as a query parameter is not restricted, if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...
CVE-2021-21610
A flaw was found in Jenkins. A cross-site scripting (XSS) vulnerability is possible because URL rendering in the formatted preview of markup passed as a query parameter is not restricted, if the configured markup formatter does not prohibit unsafe elements in the markup. The highest threat...
Cross-site Scripting (XSS)
Jenkins is vulnerable to cross-site scripting (XSS). The vulnerability exists because Jenkins does not restrict the URL that renders a formatted preview of markup passed as a query parameter...
CVE-2021-21610
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not restrict the URL that renders a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe...
Cross site scripting
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not restrict the URL that renders a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe...
CVE-2020-12409
When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of as an encoded URL. This vulnerability affects Firefox 77...
Code injection
When using certain blank characters in a URL, they were incorrectly rendered as spaces instead of as an encoded URL. This vulnerability affects Firefox 77...
Security Vulnerabilities fixed in Firefox 77 — Mozilla
NSS has shown timing differences when performing DSA signatures, which were exploitable and could eventually leak private keys. When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. Mozilla Developer Iain Ireland...
GHSA-7RP2-FM2H-WCHJ Django Cross-site Scripting in AdminURLFieldWidget
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...
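The Lexical and Django entries above are the same class of defect: a user-controlled string is placed into an href (or rendered as a clickable link) without first checking that it is a safe URL. The following JavaScript is an added example, not code from Lexical, Django or any other project on this list. It shows why a naive prefix test is not enough and what a scheme-allowlist check looks like when it runs on the same normalized form a browser uses: the WHATWG `URL` parser strips leading and trailing C0 controls and spaces, drops tab, CR and LF anywhere, and lower-cases the scheme, so `java\tscript:` and `JAVASCRIPT:` are caught. The `SAFE_SCHEMES` allowlist, the `renderLink` helper and the sample inputs are assumptions made for illustration.

```javascript
// Added example (not from any project listed on this page).
// Assumption: links are absolute URLs, as in a profile field; relative
// URLs are refused rather than resolved against a guessed base.
const SAFE_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// The kind of check that gets bypassed: a tab inside the scheme, or a
// leading control character, defeats the prefix comparison, yet the
// browser discards those characters and runs the javascript: URL.
function naiveIsSafe(value) {
  return !value.trim().toLowerCase().startsWith("javascript:");
}

// Returns the normalized href if `value` is a safe absolute URL, else null.
// Validate the decoded value (what the HTML parser hands to the URL
// parser), then attribute-escape it on output; never the other way round.
function safeHref(value) {
  if (typeof value !== "string") return null;
  let url;
  try {
    // WHATWG parsing: trims C0 controls/space at both ends, removes
    // \t \r \n anywhere, lower-cases the scheme, percent-encodes unsafe
    // characters in path, query and fragment.
    url = new URL(value);
  } catch {
    return null; // relative, empty or unparseable: refuse rather than guess
  }
  if (!SAFE_SCHEMES.has(url.protocol)) return null; // javascript:, data:, vbscript:, ...
  // "https://trusted.example@attacker.example/" reads as a trusted host
  // to a human; refuse credentials in profile links outright.
  if (url.username || url.password) return null;
  return url.href;
}

// Minimal escaping for text nodes and double-quoted attribute values.
function escapeHtml(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Render a profile link; on rejection the label is kept but is not clickable.
function renderLink(value, label) {
  const href = safeHref(value);
  const text = escapeHtml(label);
  return href
    ? `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${text}</a>`
    : `<span>${text}</span>`;
}

// Constructed sample inputs of the kind a contributor could store in a
// social-profile field.
const SAMPLES = [
  "https://example.com/u?a=1&b=2",
  "  https://example.com/path ",
  "java\tscript:alert(1)",
  "\u0001javascript:alert(1)",
  "JAVASCRIPT:alert(1)",
  "data:text/html,<script>alert(1)</script>",
  "https://trusted.example@attacker.example/",
  "/relative/path",
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "naive:", naiveIsSafe(s), "safeHref:", safeHref(s));
}
```

Two design points: the check refuses relative URLs instead of resolving them, because a base chosen by the application can turn `//attacker.example` into an absolute link to another origin; and the allowlist is on `url.protocol` after parsing, never on the raw string, so whatever normalization the browser will apply has already been applied when the comparison happens.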
CVE-2017-0241
CVE-2017-0241 affects Microsoft Edge. The vulnerability is an elevation of privilege when Edge renders a domain-less URL, allowing actions in the Intranet Zone. Affected component: Edge rendering/domain handling...
CVE-2016-6908
Characters from languages such as Arabic and Hebrew are displayed in RTL (right-to-left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several Unicode characters such as U+FE70, U+0622, U+0623 etc. and how they are rendered in combination with a first strong character such as an IP...
CVE-2016-5163
The CVE-2016-5163 issue affects Google Chrome’s bidirectional-text handling in the address bar (omnibox). Specifically, before Chrome 53.0.2785.89 on Windows/OS X and before 53.0.2785.92 on Linux, RTL Unicode text could cause the address bar to render URLs incorrectly, enabling spoofing via craft...
Internet Explorer Response Redirect Information Disclosure (CVE-2010-0255)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer that fails to prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access...
Safari < 4.0.3 Multiple Vulnerabilities