The vulnerability of Microsoft Bing Search for Android, related to incorrect processing of HTML pages’ content, allows attackers to perform spamming attacks.
The vulnerability of Microsoft Bing Search for Android relates to the improper processing of HTML pages’ content. Exploiting this vulnerability allows a remote attacker to perform spamming attacks...
Design/Logic Flaw
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...
PT-2020-8438
Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.2.0; Mattermost Server version 4.1.1; Mattermost Server version 4.0.5. Description: An issue was discovered in Mattermost Server where e-mail templates can have a field in which HTML content is not...
Microsoft Bing Search for Android Spoofing Vulnerability
Microsoft Bing Search for Android is a search engine service for mobile devices. A spoofing vulnerability exists in Microsoft Bing Search for Android. The vulnerability stems from the program failing to properly handle certain HTML content. An attacker could exploit the vulnerability to spoof URL...
CVE-2020-1329
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'...
Spoofing
A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'...
Open Redirection
MediaWiki is vulnerable to open redirection. A duplicate DOM query in resources/src/mediawiki.page.ready/ready.js on a logout click allows an attacker to force a logout and external redirection of the user using HTML content in a MediaWiki page...
Xxe
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page...
Updated mediawiki packages fix security vulnerability
Updated mediawiki packages fix security vulnerability: In MediaWiki before 1.31.7, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because...
Arbitrary Code Execution
thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Arbitrary Code Execution
thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Arbitrary Code Execution
thunderbird/firefox is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Denial Of Service (DoS)
Mozilla Thunderbird is vulnerable to Denial of Service (DoS). Several flaws were found in the processing of malformed HTML content. An HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird...
Information Disclosure
thunderbird is vulnerable to information disclosure. A same-origin policy bypass flaw was found in Thunderbird. Remote HTML content could steal private data from different remote HTML content Thunderbird has loaded...
MediaWiki 1.31.x < 1.31.7, 1.33.x < 1.33.3 and 1.34.0 Multiple Vulnerabilities - Linux
MediaWiki is prone to multiple vulnerabilities.
CVE-2020-10960
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...
UBUNTU-CVE-2020-10960
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...
Cross site scripting
Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processes HTML content of list view column headers, resulting in a stored XSS vulnerability exploitable by users able to control column headers...
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS)
Versions of Ratpack from 0.9.10 through 1.7.5 are vulnerable to CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), aka XSS, in the development error handler. An attacker can utilize this to perform XSS when an exception message contains untrusted data. As a...
Automattic: Theme Assets uploader allows HTML content
The reporter submitted a report highlighting that specially formatted yet valid HTML files were able to be uploaded as theme assets. Even though we allow for JavaScript on our blog network, we don't allow HTML files to be uploaded here so that we can restrict JavaScript execution to the blog...