40 matches found
CVE-2026-53963
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, a malicious second factor name on an attacker-controlled account was not escaped in the delete confirmation dialog, allowing stored cross-site scripting when an administrator impersonated that...
CVE-2026-46609
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...
EUVD-2026-36070
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper output encoding. This issue has been patched in version 17.4.0...
CVE-2026-46609
CVE-2026-46609 affects Umbraco CMS (ASP.NET). From 14.0.0 up to before 17.4.0, authenticated users can inject HTML into an input field, which is rendered in the backoffice confirmation dialog without proper output encoding, enabling a Cross‑Site Scripting (XSS) vector. The issue is mitigated by u...
Cross-site Scripting (XSS)
Overview @umbraco-cms/backoffice is a This package contains the types for the Umbraco Backoffice. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the confirmation dialog element. An attacker can execute arbitrary scripts in the context of the affected application ...
GHSA-VR9V-27GG-QGX4 Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...
Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog
Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...
PT-2026-42647
Impact Authenticated users are able to inject HTML vulnerability into an input field, which is rendered in the confirmation dialog without proper output encoding. Patches This issue has been patched in 17.4.0...
OpenClaw has an unspecified vulnerability (CNVD-2026-13375)
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that the confirmation dialog box for openclaw://agent deep links only displays the first 240 characters of the message but executes the full message,...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that stems from the fact that the confirmation dialog box for openclaw://agent deep links only displays the first 240 characters of the message but executes the full message,...
User Interface (UI) Misrepresentation of Critical Information
Overview Affected versions of this package are vulnerable to User Interface UI Misrepresentation of Critical Information via the confirmation dialog for openclaw://agent deep links when the message preview is truncated. An attacker can mislead users into approving the execution of hidden or...
EUVD-2016-4896
Malware in sbrugna...
CVE-2025-0080
In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0080
In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-0080
In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2022-44548
There is a vulnerability in permission verification during the Bluetooth pairing process. Successful exploitation of this vulnerability may cause the dialog box for confirming the pairing not to be displayed during Bluetooth pairing...
firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...
firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...
firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...
firefox: thunderbird: Improper Keypress Handling in Executable File Confirmation Dialog
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the following issue: When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution...