546 matches found
ROS-2-703
2.703 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability Description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-2-691
2.691 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotely...
ROS-2-1688
2.1688 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-1504
2.1504 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
ROS-2-1968
2.1968 Mozilla Firefox browser vulnerability CVE-2021-29970, CVE-2021-29976 1. Vulnerability description: CVE-2021-29970 A vulnerability in the Mozilla Firefox browser is related to a release error in accessibility functions when processing HTML content. Exploitation of the vulnerability could...
The vulnerability of the Tab Group component in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability of Tab Group components in Google Chrome and Microsoft Edge stems from the operation of processing unreliable HTML content within the data buffer, which allows operations to be performed beyond the allowed limits. Exploiting this vulnerability can enable a remote attacker to...
Check MK < 1.6.0p25, 2.0.x < 2.0.0p4 XSS Vulnerability
Check MK is prone to a cross-site scripting (XSS) vulnerability in the management web console. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...
CVE-2021-36563
The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content interpreted by the browser, such as JavaScript or other client-side scripts, the XSS...
Mozilla Firefox Buffer Overflow Vulnerability (CNVD-2021-90103)
Mozilla Firefox is an open source Web browser from the Mozilla Foundation in the U.S. Mozilla Firefox is vulnerable to a buffer overflow vulnerability that stems from a boundary error when processing HTML content. An attacker could exploit the vulnerability to create a specially crafted web page...
Remote Code Execution (RCE)
Chromium is vulnerable to remote code execution. The vulnerability exists due to a boundary error when processing untrusted HTML content in Autofill...
Remote Code Execution (RCE)
Chromium is vulnerable to remote code execution. The vulnerability exists due to a boundary error when processing untrusted HTML content in Autofill...
Google Chrome heap buffer overflow vulnerability (CNVD-2021-31243)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. A security vulnerability exists in Google Chrome that stems from a boundary error in the V8 browser engine when handling untrusted HTML content. No detailed...
Cross-site Scripting (XSS) - Stored in octobercms/library
Description: OctoberCMS uses the october/rain library to handle file uploads. Previously it was possible to upload malicious files with HTML content to the CMS via its Media upload feature. This security issue, marked as CVE-2020-15249, was fixed in 1.0.469. But it is still possible to upload XML...
Server Side Request Forgery (SSRF)
MITREid Connect is vulnerable to Server Side Request Forgery (SSRF). An attacker is able to request any URL accessible from the authorization server and display its content, leading to a Server Side Request Forgery attack via the logouri parameter during the registration process. Moreover, a lack of...
CVE-2020-4725
CVE-2020-4725 affects IBM Cloud APM (IBM Monitoring) 8.1.4. An authenticated user can modify HTML content via a specially crafted HTTP request to the APM UI, potentially misleading another user. Root cause: UI content modification without proper access segregation. Impact is limited to HTML conte...
IBM Monitoring File Tampering Vulnerability
IBM Monitoring is an application service from IBM USA. It provides a cloud monitoring feature. IBM Monitoring suffers from a file tampering vulnerability that allows an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI. No detailed vulnerability...
The vulnerability of the Google Chrome browser’s WebUI user interface allows a hacker to execute arbitrary code.
The vulnerability of the WebUI user interface of Google Chrome is related to the overflow of buffers in the dynamic memory during the processing of HTML content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code through a specially created web page...
CVE-2020-16270
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of...
Design/Logic Flaw
OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attacker can use discovered vulnerability to inject malicious JavaScript payload to victim’s browsers in context of vulnerable applications. Executed code can be used to steal administrator’s cookies, influence HTML content of...
[ASA-202009-3] go: cross-site scripting
Arch Linux Security Advisory ASA-202009-3 ========================================= Severity: Medium Date : 2020-09-03 CVE-ID : CVE-2020-24553 Package : go Type : cross-site scripting Remote : Yes Link : https://security.archlinux.org/AVG-1215 Summary ======= The package go before version 1.15.1-...