13 matches found
CVE-2024-35234
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta3 on the tests-passed branch, an attacker can execute arbitrary JavaScript on users’ browsers by posting a specific URL containing maliciously crafted meta tags. This issue only...
CVE-2024-25676
An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading...
CVE-2024-25676
An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and out-of-band resource loading...
CVE-2024-25676
CVE-2024-25676 affects ViewerJS 0.5.8. A component script loads content via URL TAGs without proper sanitization, enabling open redirection and out-of-band resource loading. The root cause is unsanitized URL handling in the script. Documented impacts include redirection and resource loading expos...
CVE-2009-4408
CVE-2009-4408 affects PyForum 1.0.3 (and possibly earlier versions) and possibly zForum, via the models.parser component. The root cause is improper handling of crafted BBCode (img and url tags) in posts, allowing remote XSS when a post is viewed. Publicly available references confirm multiple XS...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Olate Download od 3.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the PHPSELF variable in modules/core/uim.php and 2 url tags in a comment in modules/core/fldm.php...
CVE-2007-4541
Multiple cross-site scripting XSS vulnerabilities in Olate Download od 3.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the PHPSELF variable in modules/core/uim.php and 2 url tags in a comment in modules/core/fldm.php...
CVE-2007-4541
Multiple cross-site scripting XSS vulnerabilities in Olate Download od 3.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the PHPSELF variable in modules/core/uim.php and 2 url tags in a comment in modules/core/fldm.php...
CVE-2006-0156
Cross-site scripting XSS vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in 1 addpost1.php and 2 addtopic1.php...
CVE-2006-0156
Cross-site scripting XSS vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in 1 addpost1.php and 2 addtopic1.php...
CVE-2005-4665
Cross-site scripting XSS vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags...
phpBB < 2.0.17 Nested BBCode URL Tags XSS
According to its banner, the remote host is running a version of phpBB that fails to sanitize BBCode containing nested URL tags, which enables attackers to cause arbitrary HTML and script code to be executed in a user's browser within the context of the affected site. %NASLMINLEVEL 70300 C Tenabl...
CVE-2005-1068
Cross-site scripting XSS vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via url tags...