Astra Linux - уязвимость в firefox

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however, it incorrectly did not sanitize the xlink:href attributes. This vulnerability affects Firefox versions earlier than 102...

CVE-2022-34473

Summary: CVE-2022-34473 is a vulnerability in Mozilla Firefox prior to 102 where the HTML Sanitizer failed to sanitize the xlink:href attribute of SVG elements. This could enable attacker-controlled input to bypass sanitization, potentially enabling script execution or other abuses via SVG refer...

CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox 102...

CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

CVE-2019-17566

CVE-2019-17566 (Apache Batik) is a server-side request forgery caused by improper input validation in xlink:href attributes, potentially allowing an attacker to trigger arbitrary GET requests from the vulnerable server. Connected advisories reference Batik-related SSRF issues across IBM JRS, SUSE...

CVE-2019-17566

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery attack SSRF via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

CVE-2019-13389

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

GHSA-8RC5-HX3V-2JG7 Sanitizer bypass in svg-sanitizer

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...

Cross-Site Scripting

Overview Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation Upgrade to version...

CVE-2019-10772

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...

CVE-2019-10772

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...

angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes

A cross-site scripting XSS flaw was found in Angular. This flaw occurs due to improper sanitation of xlink:href attributes, which allows the web application to deliver data to users, along with other trusted content, without proper validation...

Debian DLA-1995-1 : angular.js security update

Earlier versions of this package package were vulnerable to Cross-site Scripting XSS due to no proper sanitization of xlink:href attributes. For Debian 8 'Jessie', this problem has been fixed in version 1.2.26-1+deb8u1. We recommend that you upgrade your angular.js packages. NOTE: Tenable Network...

CVE-2019-18854

A Denial Of Service vulnerability exists in the safe-svg aka Safe SVG plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring...

Server Side Request Forgery in svgSalamander

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

GHSA-H3WV-47XM-4MG6 Server Side Request Forgery in svgSalamander

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

Cross-Site Scripting (XSS)

TinyMCE is vulnerable to cross-siste scripting XSS. The vulnerability is possible because it does not filter xlink:href attributes...

Server side request forgery (ssrf)

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

CVE-2017-5617

The SVG Salamander aka svgSalamander library, when used in a web application, allows remote attackers to conduct server-side request forgery SSRF attacks via an xlink:href attribute in an SVG file...

CVE-2017-5617

SVG Salamander (svgSalamander) is affected by CVE-2017-5617: a crafted SVG file can trigger server-side request forgery (SSRF) via an xlink:href attribute in web applications using the library. The vulnerability impacts the SVG rendering component and is described in multiple advisories (e.g., GL...