
14 matches found

Tenable Nessus
added 2025/12/18 12:0 a.m. | 1 view

Mozilla Firefox < 3.0.18

The version of Firefox installed on the remote Windows host is prior to 3.0.18. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-05 advisory. - Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the...

CVSS 4.3 | AI score 8.2 | EPSS 0.01106
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/18 12:0 a.m. | 1 view

Mozilla Firefox < 3.5.8

The version of Firefox installed on the remote Windows host is prior to 3.5.8. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-05 advisory. - Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the...

CVSS 4.3 | AI score 8.2 | EPSS 0.01106
Exploits: 0 | References: 3

Tenable Nessus
added 2025/12/18 12:0 a.m. | 2 views

Mozilla Firefox < 3.0.18

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 3.0.18. It is, therefore, affected by a vulnerability as referenced in the mfsa2010-05 advisory. - Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support th...

CVSS 4.3 | AI score 8.1 | EPSS 0.01106
Exploits: 0 | References: 3

RustSec
added 2025/09/21 12:0 p.m. | 3 views

Incorrect handling of embedded SVG and MathML leads to mutation XSS after removal

Affected versions of this crate did not correctly strip namespace-incompatible tags in certain situations, causing it to incorrectly account for differences between HTML, SVG, and MathML. This vulnerability only has an effect when the svg or math tag is allowed, because it relies on a tag being...

AI score 6.9
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-17353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, ...

CVSS 9.8 | AI score 8.1 | EPSS 0.01263
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 6:0 a.m. | 2 views

SUSE CVE-2010-0162

Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote...

CVSS 4.3 | AI score 6.1 | EPSS 0.01106
Exploits: 0 | References: 6

Cvelist
added 2022/04/15 3:5 p.m. | 12 views

CVE-2022-1231 XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml

XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...

CVSS 9.3 | AI score 6.5 | EPSS 0.0024
Exploits: 1 | References: 4

OSV
added 2020/09/19 12:20 p.m. | 2 views

OPENSUSE-SU-2020:1453-1 Security update for lilypond

This update for lilypond fixes the following issues: - CVE-2020-17353: When -dsafe is used, LilyPond lacks restrictions on embedded-ps and embedded-svg boo1174949...

CVSS 9.8 | AI score 9.5 | EPSS 0.01263
Exploits: 0 | References: 3

OSV
added 2020/08/05 2:15 p.m. | 0 views

UBUNTU-CVE-2020-17353

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...

CVSS 9.8 | AI score 7.3 | EPSS 0.01263
Exploits: 0 | References: 3

Cvelist
added 2020/08/05 12:55 p.m. | 12 views

CVE-2020-17353

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...

AI score 9.4 | EPSS 0.01263
Exploits: 0 | References: 6

Debian CVE
added 2020/08/05 12:55 p.m. | 15 views

CVE-2020-17353

scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code...

CVSS 9.8 | AI score 9.5 | EPSS 0.01263
Exploits: 0

CVE
added 2020/08/05 12:55 p.m. | 296 views

CVE-2020-17353

CVE-2020-17353 affects LilyPond up to 2.20.0 and 2.21.x up to 2.21.4. When -dsafe is used, LilyPond does not restrict embedded-ps and embedded-svg, enabling execution of arbitrary PostScript/SVG content as demonstrated by vulnerable inputs. Publicly documented fixes across multiple distros includ...

CVSS 9.8 | AI score 9.2 | EPSS 0.01263
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2019/09/21 6:15 p.m. | 0 views

CVE-2019-16665

An issue was discovered in ThinkSAAS 2.91. There is XSS via the content to the index.php?app=group&ac=comment&ts=do&js=1 URI, as demonstrated by a crafted SVG document in the SRC attribute of an EMBED element...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1

0day.today
added 2013/04/02 12:0 a.m. | 26 views

Wordpress FuneralPress Plugin 1.1.6 - Persistent XSS

Exploit for php platform in category web applications. A low-privilege or guest user can inject code via the , and elements which are part of the wpfhuploadform form in http://site/obituaries/?id=ID&f=guestbook&m=add Scripts injected via the "photo-message" and "youtube-message" elements will be...

AI score 7.1
Exploits: 0