Lucene search
K

165 matches found

Patchstack
Patchstack
added 2024/06/27 12:0 a.m.17 views

WordPress Wonder PDF Embed Plugin <= 2.7 is vulnerable to Cross Site Scripting (XSS)

Software Wonder PDF Embed Type Plugin Vulnerable versions = 2.7 Fixed in 2.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 563e16943dd0 Credits Yudistira Arya Required privilege Author...

6.9AI score0.72648EPSS
Exploits15References2Affected Software1
Patchstack
Patchstack
added 2024/06/27 12:0 a.m.18 views

WordPress EmbedPress Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)

Software EmbedPress Type Plugin Vulnerable versions = 4.0.2 Fixed in 4.0.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 86a2108fb08b Credits Yudistira Arya Required privilege...

6.9AI score0.72648EPSS
Exploits15References2Affected Software1
Patchstack
Patchstack
added 2024/06/27 12:0 a.m.18 views

WordPress PDF Embedder Plugin <= 4.7.1 is vulnerable to Cross Site Scripting (XSS)

Software PDF Embedder Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.8.0 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7794a505b744 Credits m3ez Required...

6.6AI score0.72648EPSS
Exploits15References2Affected Software1
Patchstack
Patchstack
added 2024/06/27 12:0 a.m.21 views

WordPress ARI Fancy Lightbox Plugin <= 1.3.14 is vulnerable to Cross Site Scripting (XSS)

Software ARI Fancy Lightbox Type Plugin Vulnerable versions = 1.3.14 Fixed in 1.3.15 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID c2fee65eb87c Credits Yudistira...

6.5AI score0.72648EPSS
Exploits15References2Affected Software1
Patchstack
Patchstack
added 2024/06/27 12:0 a.m.22 views

WordPress PDF.js Viewer Plugin <= 2.1.8.1 is vulnerable to Cross Site Scripting (XSS)

Software PDF.js Viewer Type Plugin Vulnerable versions = 2.1.8.1 Fixed in 2.2 OWASP Top 10 A6: Vulnerable and Outdated Components Classification Cross Site Scripting XSS CVE CVE-2024-4367 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b8e9d442ad86 Credits Yudistira Arya...

6.6AI score0.72648EPSS
Exploits15References2Affected Software1
OSV
OSV
added 2024/06/14 1:59 p.m.23 views

RLSA-2024:3784 Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox: Potential...

8.8CVSS8.5AI score0.72648EPSS
Exploits18References7
OSV
OSV
added 2024/06/14 1:59 p.m.26 views

RLSA-2024:3783 Moderate: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsi...

8.8CVSS8.6AI score0.72648EPSS
Exploits18References7
Tenable Nessus
Tenable Nessus
added 2024/06/14 12:0 a.m.32 views

Rocky Linux 8 : firefox (RLSA-2024:3783)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:3783 advisory. firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox:...

8.8CVSS8AI score0.72648EPSS
Exploits18References13
Tenable Nessus
Tenable Nessus
added 2024/06/14 12:0 a.m.21 views

Rocky Linux 9 : thunderbird (RLSA-2024:2888)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:2888 advisory. firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox:...

8.8CVSS8AI score0.72648EPSS
Exploits18References13
OpenVAS
OpenVAS
added 2024/06/13 12:0 a.m.23 views

Slackware: Security Advisory (SSA:2024-164-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.72648EPSS
Exploits18References10
Slackware Linux
Slackware Linux
added 2024/06/12 9:36 p.m.48 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-115.11.1-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For mo...

8.8CVSS7.3AI score0.72648EPSS
Exploits18
Tenable Nessus
Tenable Nessus
added 2024/06/11 12:0 a.m.29 views

Oracle Linux 8 : thunderbird (ELSA-2024-3784)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2024-3784 advisory. 115.11.0-1.0.1 - Add Oracle prefs file 115.11.0-1 - Update to 115.11.0 build2 Tenable has extracted the preceding description block directly from the...

8.8CVSS7.8AI score0.72648EPSS
Exploits18References7
RedHat Linux
RedHat Linux
added 2024/06/10 7:47 p.m.29 views

Moderate: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

8.8CVSS7.3AI score0.72648EPSS
Exploits18References7
RedHat Linux
RedHat Linux
added 2024/06/10 7:39 p.m.33 views

Moderate: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.8CVSS7.3AI score0.72648EPSS
Exploits18References7
OSV
OSV
added 2024/06/10 12:0 a.m.24 views

ALSA-2024:3784 Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox: Potential...

8.8CVSS8.5AI score0.72648EPSS
Exploits18References14
Tenable Nessus
Tenable Nessus
added 2024/06/10 12:0 a.m.59 views

RHEL 8 : firefox (RHSA-2024:3783)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:3783 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

8.8CVSS8.1AI score0.72648EPSS
Exploits18References15
AlmaLinux
AlmaLinux
added 2024/06/10 12:0 a.m.39 views

Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.11.0. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsing mode CVE-2024-4767 firefox: Potential...

8.8CVSS7.8AI score0.72648EPSS
Exploits18References14
AlmaLinux
AlmaLinux
added 2024/06/10 12:0 a.m.43 views

Moderate: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.11.0 ESR. Security Fixes: firefox: Arbitrary JavaScript execution in PDF.js CVE-2024-4367 firefox: IndexedDB files retained in private browsi...

8.8CVSS7.8AI score0.72648EPSS
Exploits18References14
OSV
OSV
added 2024/06/05 2:15 p.m.37 views

GHSA-4M3G-6R7G-JV4F Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...

3.6CVSS8.4AI score
Exploits0References3
OpenVAS
OpenVAS
added 2024/06/05 12:0 a.m.11 views

openSUSE Security Advisory (SUSE-SU-2024:1770-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.3AI score0.72648EPSS
Exploits20References5
Rows per page
Query Builder