CVE-2024-31974

The com.solarized.firedown aka Solarized FireDown Browser & Downloader application 1.0.76 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. com.solarized.firedown.IntentActivity uses a WebView component to display web content and doesn't adequately...

GitLab 13.9 < 14.0.9 / 14.1 < 14.1.4 / 14.2 < 14.2.2 (CVE-2021-22261)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting fr...

Debian dsa-5693 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5693 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5693-1 [email protected] https://www.debian.org/securit...

Mozilla Firefox Security Update (MFSA2024-21) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

Mozilla: Arbitrary JavaScript execution in PDF.js

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context...

RHEL 8 : firefox (RHSA-2024:2887)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:2887 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox...

CVE-2024-34081

MantisBT Mantis Bug Tracker is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues bugchangestatuspage.php belonging to a project linking...

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-135-01)

The version of mozilla-firefox installed on the remote host is prior to 115.11.0esr / 126.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-135-01 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript...

GHSA-WGX7-JP56-65MQ Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues bugchangestatuspage.php belonging to a project linking said custom field - viewing issues viewallbugpage.php when...

CVE-2024-34081

CVE-2024-34081 affects MantisBT up to version 2.26.2. Improper escaping of a custom field name lets an attacker inject HTML and, if CSP allows, execute arbitrary JavaScript when resolving/closing issues, viewing issues as a column, or printing issues. Root cause: unescaped HTML in the custom fiel...

react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js

Summary If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches This patch forces isEvalSupported to false, removing...

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true which is the default value, unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

CVE-2024-29183

OpenRASP (the RASP solution) is affected by a reflected XSS in the /login page caused by reflection of the redirect parameter. The issue allows an attacker to execute arbitrary JavaScript in the context of a logged-in user. The CVE entry provides CVSS v3.1 base score 6.1 (Medium) with network att...

CVE-2024-29183 OpenRASP vulnerable to a reflected Cross-Site Scripting (XSS) attack in /login

OpenRASP is a RASP solution that directly integrates its protection engine into the application server by instrumentation. There exists a reflected XSS in the /login page due to a reflection of the redirect parameter. This allows an attacker to execute arbitrary javascript with the permissions of...