Lucene search
K

4 matches found

CVE
CVE
added 2024/11/26 1:33 p.m.300 views

CVE-2024-11695

CVE-2024-11695 describes a spoofing vulnerability in Mozilla Firefox and Thunderbird where a crafted URL containing Arabic script and whitespace could hide the page’s true origin, enabling spoofing. Affected versions: Firefox < 133 and Firefox ESR < 128.5; Thunderbird < 133 and Thunderbird

5.4CVSS6.1AI score0.00441EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.13 views

CVE-2022-37429

Silverstripe silverstripe/framework through 4.11 allows XSS issue 1 of 2 via JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters...

5.4AI score0.00473EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/11/21 11:59 p.m.31 views

Stored XSS using HTMLEditor

A malicious content author could add a JavaScript payload to the href attribute of a link by splitting a javascript URL with white space characters. An attacker must have access to the CMS to exploit this issue...

5.4CVSS5.4AI score0.00473EPSS
Exploits0References7Affected Software1
Huntr
Huntr
added 2022/02/27 2:50 a.m.34 views

Protocol/Hostname spoofing via Improper Input Validation

Description The uri.js doesn't remove whitespace characters from the beginning of the protocol, so it doesn't parse URLs properly. Several methods, including http.get, location.href, and fetch, strip the whitespace character in front of the protocol before sending the request. Proof of Concept...

5CVSS0.6AI score0.01995EPSS
Exploits1
Rows per page
Query Builder