
21 matches found

AstraLinux | added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in firefox

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however, it incorrectly did not sanitize the xlink:href attributes. This vulnerability affects Firefox versions earlier than 102...

CVSS 6.1 | AI score 6.7 | EPSS 0.00439
Exploits 0 | References 1
CVE | added 2022/12/22 12:0 a.m. | 157 views

CVE-2022-34473

Summary: CVE-2022-34473 is a vulnerability in Mozilla Firefox prior to 102 where the HTML Sanitizer failed to sanitize the xlink:href attribute of SVG elements. This could enable attacker-controlled input to bypass sanitization, potentially enabling script execution or other abuses via SVG refer...

CVSS 6.1 | AI score 6.8 | EPSS 0.00439
Exploits 0 | References 2 | Affected Software 1
UbuntuCve | added 2022/07/05 12:0 a.m. | 36 views

CVE-2022-34473

The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however, it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox versions earlier than 102...

CVSS 6.1 | AI score 6.8 | EPSS 0.00439
Exploits 0 | References 3
NVD | added 2020/11/12 6:15 p.m. | 18 views

CVE-2019-17566

Apache Batik is vulnerable to server-side request forgery, caused by improper input validation of the "xlink:href" attribute. By using a specially crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests...

CVSS 7.5 | AI score 7.4 | EPSS 0.00831
Exploits 0 | References 10
CVE | added 2020/11/12 12:0 a.m. | 287 views

CVE-2019-17566

CVE-2019-17566 (Apache Batik) is a server-side request forgery caused by improper input validation in xlink:href attributes, potentially allowing an attacker to trigger arbitrary GET requests from the vulnerable server. Connected advisories reference Batik-related SSRF issues across IBM JRS, SUSE...

CVSS 7.5 | AI score 8.2 | EPSS 0.00831
Exploits 0 | References 10 | Affected Software 1
RedhatCVE | added 2020/06/18 3:55 p.m. | 50 views

CVE-2019-17566

A flaw was found in the Apache Batik library, where it is vulnerable to a Server-Side Request Forgery (SSRF) attack via "xlink:href" attributes. This flaw allows an attacker to cause the underlying server to make arbitrary GET requests. The highest threat from this vulnerability is to system...

CVSS 5 | AI score 4.1 | EPSS 0.00831
Exploits 0 | References 3
Cvelist | added 2020/03/20 12:0 a.m. | 10 views

CVE-2019-13389

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

AI score 6 | EPSS 0.00406
Exploits 0 | References 2
OSV | added 2020/02/27 8:36 p.m. | 11 views

GHSA-8RC5-HX3V-2JG7 Sanitizer bypass in svg-sanitizer

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...

CVSS 6.1 | AI score 6.2 | EPSS 0.00159
Exploits 1 | References 3
Node.js | added 2020/01/10 8:46 p.m. | 95 views

Cross-Site Scripting

Overview: Versions of angular prior to 1.5.0-beta.1 are vulnerable to Cross-Site Scripting. The package fails to sanitize xlink:href attributes, which may allow attackers to execute arbitrary JavaScript in a victim's browser if the value is user-controlled. Recommendation: Upgrade to version...

CVSS 4.3 | AI score 4.4 | EPSS 0.00097
Exploits 0 | Affected Software 1
OSV | added 2019/12/11 4:15 p.m. | 9 views

CVE-2019-10772

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...

CVSS 6.1 | AI score 6.8
Exploits 0 | References 1
NVD | added 2019/12/11 4:15 p.m. | 9 views

CVE-2019-10772

It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by the sanitizer...

CVSS 6.1 | AI score 6.3 | EPSS 0.00159
Exploits 1 | References 1
RedHat Linux | added 2019/12/03 2:58 p.m. | 1 views

angular: Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes

A cross-site scripting (XSS) flaw was found in Angular. This flaw occurs due to improper sanitization of xlink:href attributes, which allows the web application to deliver attacker-supplied data to users, along with other trusted content, without proper validation...

CVSS 7.1 | AI score 6.9 | EPSS 0.00097
Exploits 0 | References 5
Tenable Nessus | added 2019/11/20 12:0 a.m. | 41 views

Debian DLA-1995-1 : angular.js security update

Earlier versions of this package were vulnerable to Cross-site Scripting (XSS) due to no proper sanitization of xlink:href attributes. For Debian 8 'Jessie', this problem has been fixed in version 1.2.26-1+deb8u1. We recommend that you upgrade your angular.js packages. NOTE: Tenable Network...

CVSS 7.1 | AI score 6.7 | EPSS 0.00097
Exploits 0 | References 3
NVD | added 2019/11/11 3:15 p.m. | 17 views

CVE-2019-18854

A Denial of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to unlimited recursion for a '' substring...

CVSS 7.5 | AI score 7.4 | EPSS 0.00629
Exploits 0 | References 4
Github Security Blog | added 2018/10/19 4:51 p.m. | 20 views

Server Side Request Forgery in svgSalamander

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CVSS 7.4 | AI score 5.7 | EPSS 0.01078
Exploits 0 | References 10 | Affected Software 1
OSV | added 2018/10/19 4:51 p.m. | 21 views

GHSA-H3WV-47XM-4MG6 Server Side Request Forgery in svgSalamander

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CVSS 7.4 | AI score 7.2 | EPSS 0.01078
Exploits 0 | References 11
Veracode | added 2018/05/11 2:49 a.m. | 6 views

Cross-Site Scripting (XSS)

TinyMCE is vulnerable to cross-site scripting (XSS). The vulnerability is possible because it does not filter xlink:href attributes...

AI score 6.4
Exploits 0
Prion | added 2017/03/16 3:59 p.m. | 12 views

Server side request forgery (SSRF)

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

CVSS 5.8 | AI score 7.2 | EPSS 0.01078
Exploits 0 | References 8 | Affected Software 1
Cvelist | added 2017/03/16 3:0 p.m. | 14 views

CVE-2017-5617

The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file...

AI score 7.2 | EPSS 0.01078
Exploits 0 | References 8
CVE | added 2017/03/16 3:0 p.m. | 90 views

CVE-2017-5617

SVG Salamander (svgSalamander) is affected by CVE-2017-5617: a crafted SVG file can trigger server-side request forgery (SSRF) via an xlink:href attribute in web applications using the library. The vulnerability impacts the SVG rendering component and is described in multiple advisories (e.g., GL...

CVSS 7.4 | AI score 7.2 | EPSS 0.01078
Exploits 0 | References 8 | Affected Software 1
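The entries above share one failure pattern. A sanitizer handles the plain href attribute but not the namespaced xlink:href (the Firefox, angular and TinyMCE entries), or it matches the literal attribute name and so misses the same attribute once the xlink namespace is bound to a different prefix (the class of problem the svg-sanitize entries describe as namespace mishandling); on the server side the same attribute is something the renderer fetches, which is the SSRF primitive in the Batik and svgSalamander entries. The following is an added example, not code from any project or advisory listed here. It uses Python's standard xml.etree.ElementTree to show two text-level filters failing, then a namespace-aware check that inspects the local name href under any prefix after parsing. The policy it enforces (only same-document fragment references survive) is an assumption chosen for the example, and the SVG documents are constructed for it.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Constructed sample documents (not taken from any advisory above).
SAMPLE_PREFIXED = (
    f'<svg xmlns="{SVG_NS}" xmlns:xlink="{XLINK_NS}">'
    '<use xlink:href="data:image/svg+xml;base64,PHN2Zy8+"/></svg>'
)
# Same attribute, but the xlink namespace is bound to a prefix other than "xlink".
SAMPLE_RENAMED_PREFIX = (
    f'<svg xmlns="{SVG_NS}" xmlns:zz="{XLINK_NS}">'
    '<use zz:href="data:image/svg+xml;base64,PHN2Zy8+"/></svg>'
)
# Scheme hidden behind a character reference; only visible after XML parsing.
SAMPLE_ENTITY = (
    f'<svg xmlns="{SVG_NS}" xmlns:xlink="{XLINK_NS}">'
    '<a xlink:href="&#106;avascript:alert(1)"><text>x</text></a></svg>'
)
# Remote reference: what a server-side renderer would fetch (the SSRF case).
SAMPLE_REMOTE = (
    f'<svg xmlns="{SVG_NS}" xmlns:xlink="{XLINK_NS}">'
    '<image xlink:href="http://192.0.2.10/internal/" width="1" height="1"/></svg>'
)
# Legitimate same-document reference that must survive sanitization.
SAMPLE_LOCAL = (
    f'<svg xmlns="{SVG_NS}" xmlns:xlink="{XLINK_NS}">'
    '<defs><circle id="c" r="5"/></defs><use xlink:href="#c"/></svg>'
)


def naive_strip_href(svg_text):
    """Text-level filter that removes href="..." but not xlink:href="..."."""
    return re.sub(r'\shref\s*=\s*"[^"]*"', "", svg_text)


def naive_strip_known_names(svg_text):
    """Text-level filter that also removes the literal name xlink:href,
    but not the same namespaced attribute under a different prefix."""
    return re.sub(r'\s(?:xlink:)?href\s*=\s*"[^"]*"', "", svg_text)


def _split_key(key):
    """ElementTree encodes namespaced names as "{uri}local"."""
    if key.startswith("{"):
        uri, _, local = key[1:].partition("}")
        return uri, local
    return None, key


def href_findings(svg_text):
    """Every href attribute in the document, in any namespace or none,
    as (element local name, attribute namespace, decoded value)."""
    root = ET.fromstring(svg_text)
    findings = []
    for el in root.iter():
        _, el_local = _split_key(el.tag)
        for key, value in el.attrib.items():
            ns, local = _split_key(key)
            if local == "href":
                findings.append((el_local, ns, value))
    return findings


def is_safe_href(value):
    """Assumed policy: only same-document fragment references are allowed.
    Leading control characters and spaces are dropped first, because URL
    parsers ignore them and they would otherwise hide the scheme."""
    cleaned = value.lstrip("".join(chr(c) for c in range(0x21)))
    return cleaned.startswith("#")


def sanitize_hrefs(svg_text):
    """Parse, drop every href (any prefix) that is not a fragment reference,
    and return (serialized document, list of removed (element, value))."""
    root = ET.fromstring(svg_text)
    removed = []
    for el in root.iter():
        _, el_local = _split_key(el.tag)
        for key in list(el.attrib):
            _, local = _split_key(key)
            if local == "href" and not is_safe_href(el.attrib[key]):
                removed.append((el_local, el.attrib.pop(key)))
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    print("xlink:href survives href-only filter:", "xlink:href" in naive_strip_href(SAMPLE_PREFIXED))
    print("rebound prefix survives literal-name filter:", "zz:href" in naive_strip_known_names(SAMPLE_RENAMED_PREFIX))
    print("parsed view:", href_findings(SAMPLE_RENAMED_PREFIX), href_findings(SAMPLE_ENTITY))
    for doc in (SAMPLE_REMOTE, SAMPLE_LOCAL):
        clean, removed = sanitize_hrefs(doc)
        print("removed:", removed, "->", clean)
```

The point of checking after parsing rather than on the raw text is that the parser has already resolved prefixes to namespace URIs and decoded character references, so the check sees the attribute the renderer will act on, not the spelling the attacker chose. An allow-list of fragment references covers both halves of the list above: it denies javascript: and data: values that matter in a browser, and it denies http:, file: and similar values that a server-side renderer would otherwise fetch.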