57 matches found
CVE-2020-7809
ALSong 3.46 and earlier versions contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim into opening an ALSong Album(sab) file...
Mozilla Thunderbird < 52.3
The version of Thunderbird installed on the remote Windows host is prior to 52.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-20 advisory. - Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith,...
Mozilla Firefox ESR < 52.3
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-19 advisory. - Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tys...
MAL-2025-7809 Malicious code in @dramaorg/facilis-maiores (npm)
The package @dramaorg/facilis-maiores was found to contain malicious code...
CVE-2025-7809 StreamWeasels Twitch Integration <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
WordPress StreamWeasels Twitch Integration plugin <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability discovered by Gai Tanaka in WordPress Plugin StreamWeasels Twitch Integration versions <= 1.9.3...
CVE-2024-7809
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack...
CVE-2024-7809
creationtimestamp | type | source
---|---|---
2024-08-15 05:06:17+00:00 | seen | https://t.me/cvedetector/3217...
CVE-2024-7809 SourceCodester Online Graduate Tracer System nbproject exposure of information through directory listing
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /tracking/nbproject/. The manipulation leads to exposure of information through directory listing. The attack...
Security Bulletin: IBM FlashSystem 840 and IBM FlashSystem V840, -AE1 models nodes are affected by vulnerabilities in Apache’s Struts library (CVE-2014-7809)
Summary: Apache Struts could potentially allow a remote attacker to bypass security restrictions, caused by predictable tokens. Vulnerability Details: CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable tokens. By sendi...
Security Bulletin: IBM Call Center and Apache Struts Struts upgrade strategy (various CVEs, see below)
Summary: Apache Struts is used by IBM Call Center as part of its web application framework used for creating Java EE web applications. It is vulnerable to various CVEs, listed below. We recommend upgrading to the latest supported version of Struts that was released as part of the latest FixPack 12...
Security Bulletin: Vulnerability in Apache Struts affects SAN Volume Controller and Storwize Family (CVE-2014-7809)
Summary: An Open Source Apache Struts vulnerability was disclosed in August 2014. Struts is used by SAN Volume Controller and Storwize Family. Vulnerability Details: CVEID: CVE-2014-7809 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused by predictable...
Schneider Electric Modicon Weak Password Recovery Mechanism for Forgotten Password (CVE-2018-7809)
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server. This plugin only works with Tenable.ot. Please visit...
Mageia: Security Advisory (MGASA-2017-0303)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2018-0018)
The remote host is missing an update for the...
Mozilla Firefox Security Advisory (MFSA2017-18) - Linux
This host is missing a security update for Mozilla Firefox.
CVE-2020-7809
CVE-2020-7809 affects ALSong 3.46 and earlier. The vulnerability is a DOM-based cross-site scripting issue caused by improper validation of user input within ALSong, exploited when a victim is tricked into opening an ALSong Album(sab) file. The Red Hat and CNVD entries corroborate the same descri...
CVE-2020-7809 Estsoft ALSong DOM-Based XSS Vulnerability
ALSong 3.46 and earlier versions contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim into opening an ALSong Album(sab) file...
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1198)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for firefox (EulerOS-SA-2017-1197)
The remote host is missing an update for the Huawei EulerOS...