9803 matches found
CVE-2026-8656
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...
CVE-2026-8656
CVE-2026-8656 affects jsondiffpatch versions before 0.7.6. The vulnerability is Cross-site Scripting (XSS) via the annotated formatter caused by improper sanitization of JSON values and property names. When an application renders annotated formatter output in the DOM from untrusted JSON/object da...
SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:1830-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1830-1 advisory. This update for MozillaFirefox fixes the following issues Updated to Firefox Extended Support Release 140.10.2 ESR bsc1264378,MFSA 2026-41: -...
CVE-2026-44549
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheettohtml to embed an XSS payload into the generated...
CVE-2026-44549
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheettohtml to embed an XSS payload into the generated...
OESA-2026-2351 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...
OESA-2026-2350 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...
OESA-2026-2349 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...
OESA-2026-2292 thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.CVE-2026-8090 Memory safety bu...
dvwa_xss_lab
DVWA XSS Lab Project Introduction This project creates a...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from the insecure preview of Excel file attachments. The specially crafted XLSX file paylo...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the XLSX.utils.sheettohtml function, which was rendered using @html excelHtml without...
MiracleLinux 9 : thunderbird-140.10.0-1.el9_7.ML.1 (AXSA:2026-616:11)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-616:11 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the...
NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...
GHSA-RCQX-6Q8C-2C42 Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...
Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State
Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...