546 matches found
PT-2022-5026 · Unknown · Cert/Cc Vince
Name of the Vulnerable Software and Affected Versions: CERT/CC VINCE versions prior to 1.50.4 Description: An HTML injection issue exists due to the failure to neutralize special elements. This allows a remote attacker to inject arbitrary HTML code via a crafted email with HTML content in the...
ROS-20221007-05
Firefox browser vulnerability is related to a bounds error in HTML content processing. Exploitation: The vulnerability could allow a remote attacker to create a customized website, trick the victim into opening it, cause memory corruption, and execute arbitrary code on the target system. the victi...
Multiple Reflected Cross-Site Scripting in Messages Module
Description The first occurrence affects messages.php file. The parameter stage was not properly encoded before being printed as HTML. This occurs when go parameter is set to setup value. The second instance affects save.php file. There was a POST parameter called parameter in JSON format that wa...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-06860)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability that originates from a boundary error when processing HTML content. An attacker can exploit this vulnerability to execute arbitrary code...
Cross-site Scripting (XSS)
typo3/cms-core is vulnerable to cross-site scripting (XSS) attacks. A malicious user with a valid backend user account is able to pass harmful HTML content via the form designer backend module of the form framework, allowing an attacker to execute malicious JavaScript on the victim's browser...
Mozilla Thunderbird Buffer Overflow Vulnerability (CNVD-2023-59032)
Mozilla Thunderbird is an e-mail client from the Mozilla Foundation in the United States, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. A buffer overflow vulnerability exists in Mozilla Thunderbird versions prior to 91.10,...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2023-06864)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a buffer overflow vulnerability that originates from a boundary error when processing HTML content. An attacker could exploit this vulnerability to execute arbitrary code o...
Mozilla Thunderbird Resource Management Error Vulnerability
Mozilla Thunderbird is an e-mail client from the Mozilla Foundation in the United States, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. A buffer overflow vulnerability exists in Mozilla Thunderbird versions prior to 91.10,...
Mozilla Thunderbird Buffer Error Vulnerability
Mozilla Thunderbird is an e-mail client from the Mozilla Foundation in the United States, independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols as well as the HTML mail format. A buffer error vulnerability exists in Mozilla Thunderbird versions 91.0...
Cross-site Scripting (XSS)
neos/neos is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape the HTML content in the notification module, allowing an attacker to inject and execute malicious JavaScript on the victim's browser...
Mattermost Server does not neutralize HTML content in an Email template field
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...
MediaWiki Open Redirect vulnerability
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.34.0-rc.0 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page...
MediaWiki makeCollapsible allows applying event handler to any CSS selector
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...
CVE-2020-1692
A flaw was found in moodle. Users' web service tokens could be exposed to other users enrolled in the same course, who have the ability to share HTML content. The highest threat from this vulnerability is to data confidentiality and integrity...
ROS-20220518-02
A vulnerability in the Mozilla Thunderbird email client is related to incorrect processing of user input data when processing signed and encrypted attached messages. Exploitation of the vulnerability could allow a remote...
DEBIAN-CVE-2022-1726
Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true in GitHub repository wenzhixin/bootstrap-table prior to 1.20.2. Disclosing session cookies, disclosing secure session data, exfiltrating data to third-parties...
GHSA-M2R2-QC49-GQW4 Gleez CMS Stored XSS
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...
Gleez CMS Stored XSS
Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...
GHSA-88FH-8979-Q2RR Angular Redactor XSS Vulnerability
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...
Angular Redactor XSS Vulnerability
Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...