1209 matches found
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
firefox: thunderbird: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
The Mozilla Foundation's Security Advisory: In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header is not respected and does not force a download, which could allow cross-site scripting XSS attacks...
CVE-2024-10461
In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
CVE-2024-10461
In multipart/x-mixed-replace responses, Content-Disposition: attachment in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affects Firefox 132, Firefox ESR 128.4, Thunderbird 128.4, and Thunderbird 132...
PT-2024-24236 · Unknown · Goahead Web Server
Name of the Vulnerable Software and Affected Versions: GoAhead Web Server versions up to 6.0.0 Description: Multiple NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server when compiled with the ME GOAHEAD REPLACE MALLOC flag. Without a memory notifier for allocation failures,...
SofaWiki 3.9.2 Cross Site Scripting
Exploit Title: SofaWiki 3.9.2 - Reflected XSS Authenticated via Regex Replace Preview Date: 10/17/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Version: 3.9.2 Tested on: Windows XP Summary: A reflected...
Malicious code in config.env-replace (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-30117
A dynamic search for a prerequisite library could allow the possibility for an attacker to replace the correct file under some circumstances...
UBUNTU-CVE-2024-46721
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile-parent-dentsAAFSPROFDIR could be NULL only if its parent is made from createmissingancestors.. and 'ent-old' is NULL in aareplaceprofiles... In that case, it must return an...
CVE-2024-8734
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8734
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8734 Lucas String Replace <= 2.0.5 - Reflected Cross-Site Scripting
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2024-8734
CVE-2024-8734 affects the Lucas String Replace WordPress plugin (versions up to and including 2.0.5). The issue is a Reflected Cross‑Site Scripting (XSS) vulnerability caused by using add_query_arg without proper escaping on the URL, enabling unauthenticated attackers to inject scripts into pages...
CVE-2024-8734 Lucas String Replace <= 2.0.5 - Reflected Cross-Site Scripting
The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 2.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
WordPress Lucas String Replace plugin <= 2.0.5 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Lucas String Replace versions = 2.0.5...