30 matches found
CVE-2025-11679
Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a...
CVE-2023-2718
The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability...
SUSE CVE-2007-3089
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...
Mozilla: Leaking of sensitive information when composing a response to an HTML email with a META refresh tag
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of a Thunderbird user replying to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute and the content attribute specifying a URL. Thunderbird started a...
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Impact: The default landing page contained HTML to display a sample curl command which is made visible if the full landing page bundle could not be fetched from Apollo's CDN. The server's URL is directly interpolated into this command inside the browser from window.location.href. On some older...
USN-4348-1 mailman vulnerabilities
It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary scripts or HTML. (CVE-2018-0618) It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to display arbitrary text o...
Mozilla Thunderbird < 17.0.2 Multiple Vulnerabilities
The installed version of Thunderbird is earlier than 17.0.2 and thus is potentially affected by the following security issues: - Two intermediate certificates were improperly issued by TURKTRUST certificate authority. (CVE-2013-0743) - A use-after-free error exists related to displaying HTML tabl...
[SECURITY] Fedora 11 Update: wxGTK-2.8.10-2.fc11
wxWidgets/GTK2 is the GTK2 port of the C++ cross-platform wxWidgets GUI library, offering classes for all common GUI controls as well as a comprehensive set of helper classes for most common application tasks, ranging from networking to HTML display and image manipulation...
MDVA-2008:197 : mandriva-kde-config
On Mandriva Linux 2009.0, every time a web page was opened under Konqueror, or opened in a new tab, it showed the HTML code in an editor instead of the website. This update makes Konqueror display websites correctly instead of pure HTML code. This script has been...
CensorNet: Cross Site Scripting Vulnerability
Hello, A cross site scripting vulnerability exists in the CensorNet Proxy Service www.censornet.com that allows scripting and html to be passed to the cgi script and displayed in the web browser. Exploit:...