Lucene search

7 matches found

Github Security Blog
added 2026/05/06 10:11 p.m., 5 views

Kyverno policy-reporter-ui has XSS via Stored Property Values in PropertyCard Component

Summary: Vue 3's v-html directive is the framework-documented mechanism for injecting raw HTML, and it intentionally disables the auto-escaping that interpolation provides. The PropertyCard.vue component uses v-html for the else branch of the URL check, meaning any non-URL string value flows...

CVSS 6.1 | AI score 6 | EPSS 0.00031
Exploits 1 | References 3 | Affected Software 1
RedhatCVE
added 2026/01/07 9:12 a.m., 2 views

CVE-2024-2253

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values in the plugin's carousel widgets in all versions up to, and including, 10.2.2 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it...

CVSS 6.4 | AI score 6.1 | EPSS 0.00273
Exploits 0 | References 1
CVE
added 2024/05/30 3:34 a.m., 48 views

CVE-2024-2253

Stored XSS in Testimonial Carousel For Elementor (WordPress) across versions

CVSS 6.4 | AI score 6.1 | EPSS 0.00273
Exploits 0 | References 3
NVD
added 2023/11/07 9:15 a.m., 13 views

CVE-2023-46851

Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remot...

CVSS 4.9 | EPSS 0.0031
Exploits 0 | References 2
Vulnrichment
added 2023/05/08 12:0 a.m., 10 views

CVE-2020-19660

Cross Site Scripting (XSS) in pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values...

AI score 6.2 | EPSS 0.00338
Exploits 0 | References 2
CNNVD
added 2021/12/20 12:0 a.m., 2 views

Opmantek Open-AudIT Cross-Site Scripting Vulnerability

Opmantek Open-AudIT is an open source network discovery and auditing program from Opmantek USA. The program intelligently scans networks and network devices and provides status reports. A cross-site scripting vulnerability exists in Opmantek Open-AudIT Community version 4.2.0, which stems from th...

CVSS 6.1 | AI score 6 | EPSS 0.04458
Exploits 4 | References 7
Tenable Nessus
added 2013/01/11 12:0 a.m., 40 views

Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20130108)

Several flaws were found in the processing of malformed content. Malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. CVE-2013-0744, CVE-2013-0746, CVE-2013-0750, CVE-2013-0753, CVE-2013-0754, CVE-2013-0762...

CVSS 10 | AI score 8.9 | EPSS 0.87365
Exploits 18 | References 13