16 matches found

OSV
added 2026/04/29 6:29 p.m. · 0 views

GHSA-3GXM-WFJX-M847 beets has a Cross-site Scripting vulnerability

During code logic analysis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...

CVSS 6 · AI score 6 · EPSS 0.00062
Exploits 0 · References 4
RedhatCVE
added 2025/12/20 8:14 a.m. · 5 views

CVE-2025-66522

A stored cross-site scripting (XSS) vulnerability exists in the Digital IDs functionality of the Foxit PDF Editor Cloud (pdfonline.foxit.com). The application does not properly sanitize or encode the Common Name field of Digital IDs before inserting user-supplied content into the DOM. As a result,...

CVSS 6.3 · AI score 5.6 · EPSS 0.00026
Exploits 0 · References 1
Tenable Nessus
added 2025/11/24 12:0 a.m. · 2 views

Google Chrome < 46.0.2490.71 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 46.0.2490.71. It is, therefore, affected by multiple vulnerabilities as referenced in the 201510stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers t...

CVSS 7.5 · AI score 8.5 · EPSS 0.09224
Exploits 2 · References 16
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-25723

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.0024
Exploits 0 · References 2
CVE
added 2025/07/03 7:34 p.m. · 19 views

CVE-2025-53368

Citizen is a MediaWiki skin. CVE-2025-53368 affects Citizen versions 1.9.4 up to, but not including, 3.4.0, where page descriptions are inserted into raw HTML without sanitization when using the legacy search bar. This enables stored XSS by any user with page editing privileges targeting other us...

CVSS 8.6 · AI score 5.6 · EPSS 0.0017
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2023/08/02 12:0 a.m. · 4 views

PT-2023-20638 · Ox Software Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from the lack of sanitization or escaping of the user's clientID at "application passwords" before it is added to the DOM. This allows...

CVSS 5.4 · AI score 5.4 · EPSS 0.00105
Exploits 0 · References 6
CNNVD
added 2022/05/01 12:0 a.m. · 1 views

materialize-css cross-site scripting vulnerability

materialize-css is a CSS framework based on Material Design. A security vulnerability exists in all versions of the materialize-css package that originates from user input being parsed as HTML/JavaScript and inserted into the Document Object Model (DOM), which can be exploited by an attacker to...

CVSS 5.4 · AI score 5.5 · EPSS 0.00301
Exploits 1 · References 4
OSV
added 2022/02/10 11:32 p.m. · 0 views

GHSA-H236-G5GH-VQ6C DOM-based cross-site scripting in Froala Editor

Froala WYSIWYG HTML Editor is a lightweight WYSIWYG HTML Editor written in JavaScript that enables rich text editing capabilities for web applications. A DOM-based cross-site scripting (XSS) vulnerability exists in versions before 3.2.3 because HTML code in the editor is not correctly sanitized whe...

CVSS 6.1 · AI score 6.6 · EPSS 0.02161
Exploits 3 · References 8
Snyk
added 2020/06/11 3:21 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). XSS may be triggered in AngularJS applications that sanitize user-controlled HTML snippets before passing them to JQLite methods like JQLite.prepend, JQLite.after, JQLite.append, JQLite.replaceWith,...

CVSS 8.7 · AI score 5.4
Exploits 0 · References 2
OSV
added 2015/10/20 7:45 p.m. · 1 views

USN-2770-1 oxide-qt vulnerabilities

It was discovered that ContainerNode::parserInsertBefore in Blink would incorrectly proceed with a DOM tree insertion in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. CVE-2015-67...

CVSS 7.5 · AI score 7.6 · EPSS 0.09224
Exploits 2 · References 8
Saint
added 2010/11/04 12:0 a.m. · 31 views

Mozilla Firefox document.write and DOM insertion memory corruption

Added: 11/04/2010 CVE: CVE-2010-3765 BID: 44425 OSVDB: 68905 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A memory corruption vulnerability allows command execution when a user loads a specially crafted web page containi...

CVSS 9.3 · AI score 9.8 · EPSS 0.86773
Exploits 14
Saint
added 2010/11/04 12:0 a.m. · 76 views

Mozilla Firefox document.write and DOM insertion memory corruption

Added: 11/04/2010 CVE: CVE-2010-3765 BID: 44425 OSVDB: 68905 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A memory corruption vulnerability allows command execution when a user loads a specially crafted web page containi...

CVSS 9.3 · AI score 9.8 · EPSS 0.86773
Exploits 14
Saint
added 2010/11/04 12:0 a.m. · 32 views

Mozilla Firefox document.write and DOM insertion memory corruption

Added: 11/04/2010 CVE: CVE-2010-3765 BID: 44425 OSVDB: 68905 Background Firefox is a freely available web browser for multiple platforms including Windows, Linux, and Mac OS. Problem A memory corruption vulnerability allows command execution when a user loads a specially crafted web page containi...

CVSS 9.8 · AI score 9.8 · EPSS 0.86773
Exploits 14
securityvulns
added 2010/11/01 12:0 a.m. · 43 views

Mozilla Firefox / Thunderbird / Seamonkey buffer overflow

Buffer overflow on document.write and DOM insertion is used in the wild for hidden malware installation...

CVSS 9.3 · AI score 3.1 · EPSS 0.86773
Exploits 14 · References 1 · Affected Software 3
securityvulns
added 2010/11/01 12:0 a.m. · 68 views

Mozilla Foundation Security Advisory 2010-73

Mozilla Foundation Security Advisory 2010-73 Title: Heap buffer overflow mixing document.write and DOM insertion Impact: Critical Announced: October 27, 2010 Reporter: Morten Krkvik Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.12 Firefox 3.5.15 Thunderbird 3.1.6 Thunderbird...

CVSS 9.3 · AI score 9.4 · EPSS 0.86773
Exploits 14
FreeBSD
added 2010/10/27 12:0 a.m. · 39 views

mozilla -- Heap buffer overflow mixing document.write and DOM insertion

The Mozilla Project reports: MFSA 2010-73 Heap buffer overflow mixing document.write and DOM insertion...

CVSS 9.8 · AI score 9.9 · EPSS 0.86773
Exploits 14 · References 1