5 matches found
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
CVE-2025-54382 Cherry Studio RCE Vulnerability Disclosure
Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution RCE vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...
CVE-2023-34245
@udecode/plate-link is the link handler for the udecode/plate rich-text editor plugin system for Slate & React. Affected versions of the link plugin and link UI component do not sanitize URLs to prevent use of the javascript: scheme. As a result, links with JavaScript URLs can be inserted into th...
DEBIAN-CVE-2019-16222
WordPress before 5.2.3 has an issue with URL sanitization in wpksesbadprotocolonce in wp-includes/kses.php that can lead to cross-site scripting XSS attacks...
PT-2019-5212 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 5.2.3 Description: The issue is related to incorrect URL sanitization in the wp kses bad protocol once function, which can lead to cross-site scripting XSS attacks. This could allow a remote attacker to compromise...