57717 matches found
EUVD-2026-31180
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Attribute View Name process. An attacker can execute arbitrary JavaScript code in the context of the Electron renderer process by injecting malicious input. Details Cross-site scripting or XSS is a code...
CVE-2026-47099 TeleJSON < 6.0.0 DOM-based XSS via parse() Function
TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...
Cross-site Scripting (XSS)
Overview symfony/html-sanitizer is a Provides an object-oriented API to sanitize untrusted HTML input for safe insertion into a document's DOM. Affected versions of this package are vulnerable to Cross-site Scripting XSS via incomplete URL attribute validation in UrlAttributeSanitizer. An attacke...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the CodeExtension::fileExcerpt function in WebProfiler. An attacker can execute arbitrary JavaScript code in the context of affected users by sending a specially crafted non-PHP files with \n that avoids HTM...
CVE-2026-4293
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser...
EUVD-2026-31125
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript: WebAssembly component...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript: WebAssembly component...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.23 security and extras update
Red Hat OpenShift Container Platform release 4.20.23 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a security impact of...
MAL-2026-4200 Malicious code in art-template (npm)
Versions 4.13.3, 4.13.5, and 4.13.6 of art-template were published after an npm account takeover and ship a tampered browser bundle lib/template-web.js that loads remote attacker-controlled JavaScript. The final payload is the Coruna iOS exploit kit, which targets Safari on iPhone and iPad and...
Malicious code in art-template (npm)
Versions 4.13.3, 4.13.5, and 4.13.6 of art-template were published after an npm account takeover and ship a tampered browser bundle lib/template-web.js that loads remote attacker-controlled JavaScript. The final payload is the Coruna iOS exploit kit, which targets Safari on iPhone and iPad and...
firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Invalid pointer in the JavaScript: WebAssembly component...
firefox: thunderbird: Use-after-free in the JavaScript Engine component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the JavaScript Engine component...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update as...
Astra Linux - уязвимость в firefox, thunderbird
Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
Astra Linux - уязвимость в firefox, thunderbird
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
Astra Linux - уязвимость в firefox
tags that referenced a document from the same origin could have allowed script execution if the attacker’s input was sanitized using the HTML Sanitizer API. This would require the attacker to reference a JavaScript file from the same origin that contained the script to be executed. This...