24 matches found
SUSE CVE-2011-1772
Multiple cross-site scripting XSS vulnerabilities in XWork in Apache Struts 2.x before 2.2.3, and OpenSymphony XWork in OpenSymphony WebWork, allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 an action name, 2 the action attribute of an s:submit element, or 3 t...
GHSA-X65C-4FGJ-5FC3 Cross-site Scripting in pandao
pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP element...
CVE-2016-1565
Cross-site scripting XSS vulnerability in the Field Group module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with permission to configure field display settings to inject arbitrary web script or HTML via an element attribute...
kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service heap corruption and application crash via an SVG animation element, related to SVG set objects, SVG...