19 matches found
CVE-2025-67491 OpenEMR has Stored XSS in ub04 helper
OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04 helper of the billing interface. The variable $data is passed in a click event handler enclosed in...
CVE-2026-21872 NiceGUI apps that use `ui.sub_pages` and render arbitrary user-provided links are vulnerable to XSS
NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.subpages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...
NiceGUI cross-site scripting vulnerability
NiceGUI is an easy-to-use, Python-based UI framework from NiceGUI Open Source. A cross-site scripting vulnerability exists in NiceGUI versions 2.22.0 through 3.4.1, which stems from an insecure implementation of the click event listener and could lead to cross-site scripting attacks...
CVE-2024-5739
The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app...
Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS
The plugin does not sanitise or validate some of its shortcode parameters, such as "color", "size" or "class", allowing users with a role as low as Contributor to set Cross-Site Scripting payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggered in...
CVE-2020-28409
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur...
CVE-2020-28409
The CVE-2020-28409 entry describes a reflected/in-page XSS in Dundas BI up to version 8.0.0.1001, triggered by adding a UI Component (for example, a button) and subsequent events such as click or hover. The vulnerability affects Dundas BI’s server-side handling when these events occur, enabling s...
CVE-2010-0650
WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event...
CVE-2010-0650
CVE-2010-0650 affects WebKit used by Google Chrome (pre-4.0.249.78) and Apple Safari. The flaw allows remote attackers to bypass restrictions on popup windows via crafted mouse click events. Public updates exist: openSUSE/SUSE and Mandriva advisories reference libwebkit/webkit updates addressing ...
RedHat Update for seamonkey RHSA-2008:0882-01
Check for the Version of seamonkey. OpenVAS Vulnerability Test: RedHat Update for seamonkey RHSA-2008:0882-01. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...
CVE-2006-4732
Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object...
CVE-2006-4732
The CVE concerns Microsoft Visual Basic 6 (VB6). A vulnerability arises in a project containing a specific Click event procedure (demonstrated with msgbox and VB.Label) that causes an unspecified overflow. The affected component is the VB6 runtime/IDE context where the Click event triggers the ov...
CVE-2006-4732
Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object...
CVE-2005-0146
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation...
CVE-2005-0145
CVE-2005-0145 affects Firefox versions prior to 1.0. The vulnerability arises because Firefox does not properly distinguish between user-generated and synthetic click events, allowing a malicious page to use JavaScript to bypass the file download prompt via the Alt-click feature. Impact is t...
CVE-2005-0145
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature...
Synthetic middle-click event can steal clipboard contents — Mozilla
Script-generated middle-click events can steal clipboard contents on systems where that action is a paste. Middle-click paste is the default behavior on Unix systems, and a hidden option elsewhere...
Microsoft Internet Explorer Mouse Click Event Hijacking Vulnerability
Description: A vulnerability exists in Internet Explorer when handling specific DHTML events, allowing a malicious Web page to intercept mouse click events to perform unintended drag and drop operations. In particular, it is possible to simulate a mouse drag and drop event through use of the moveB...
MSIE->HijackClick: 1+1=2
HijackClick: 1+1=2. tested Browser Ver MS Internet Explorer: 6.0.2600.0000.xpclntqfe.021108-2107; Encryption: 128-bit; Patch:; Q810847; So, it's far from fully patched. OS Ver: "Windows XP Cn ver" demo POF VER http://www.safecenter.net/liudieyu/HijackClick/HijackClick-MyPage.HTM or...