
814 matches found

Cvelist
added 2023/10/20 6:39 a.m., 15 views

CVE-2023-2325 Stored XSS Vulnerability in M-Files Classic Web

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on user's browser via stored HTML document...

CVSS: 7.3 | AI score: 6.8 | EPSS: 0.00103
Exploits: 0 | References: 2

Vulnrichment
added 2023/10/20 6:39 a.m., 19 views

CVE-2023-2325 Stored XSS Vulnerability in M-Files Classic Web

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on user's browser via stored HTML document...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00103
Exploits: 0 | References: 2

CVE
added 2023/10/20 6:39 a.m., 41 views

CVE-2023-2325

CVE-2023-2325 affects M-Files Classic Web: Stored XSS that allows script execution in a user’s browser via stored HTML documents. Vulnerable on Classic Web before 23.10, LTS SR versions before 23.2 LTS SR4 and before 23.8 LTS SR1. Mitigation: upgrade to 23.10 or later (Classic Web), 23.2 LTS SR4 ...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00103
Exploits: 0 | References: 3 | Affected Software: 1

Packet Storm
added 2023/09/22 12:0 a.m., 374 views

Taskhub 2.8.8 Cross Site Scripting

Title: TASKHUB-2.8.8-XSS-Reflected Author: nu11secur1ty Date: 09/22/2023 Vendor: https://codecanyon.net/user/infinitietech Software: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874 Reference: https://portswigger.net/web-security/cross-site-scripting Description: T...

AI score: 7.1
Exploits: 0

NVD
added 2023/09/20 1:15 p.m., 9 views

CVE-2022-45448

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

CVSS: 6.1 | AI score: 4.7 | EPSS: 0.00063
Exploits: 0 | References: 1

OSV
added 2023/09/20 1:15 p.m., 0 views

CVE-2022-45448

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

CVSS: 6.1 | AI score: 5.9
Exploits: 0 | References: 1

Vulnrichment
added 2023/09/20 12:14 p.m., 11 views

CVE-2022-45448 Cross-site Scripting in M4 PDF plugin for Prestashop sites

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

CVSS: 3.5 | AI score: 6.7 | EPSS: 0.00063
Exploits: 0 | References: 1

Cvelist
added 2023/09/20 12:14 p.m., 12 views

CVE-2022-45448 Cross-site Scripting in M4 PDF plugin for Prestashop sites

M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed...

CVSS: 3.5 | AI score: 6.4 | EPSS: 0.00063
Exploits: 0 | References: 1

Positive Technologies
added 2023/09/20 12:0 a.m., 2 views

PT-2023-14671 · Prestashop · M4 Pdf Plugin

Name of the Vulnerable Software and Affected Versions: M4 PDF plugin for Prestashop sites versions 3.2.3 and before Description: The M4 PDF plugin for Prestashop sites is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource "/m4pdf/pdf.php" uses templates to dynamically...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00063
Exploits: 0 | References: 5

Cvelist
added 2023/06/02 12:0 a.m., 17 views

CVE-2023-23604 Creation of duplicate SystemPrincipal from less secure contexts

A duplicate SystemPrincipal object could be created when parsing a non-system html document via DOMParser::ParseFromSafeString. This could have led to bypassing web security checks. This vulnerability affects Firefox 109...

AI score: 6.9 | EPSS: 0.00096
Exploits: 0 | References: 2

0day.today
added 2023/05/19 12:0 a.m., 320 views

SEO Friendly Blog CMS 1.0 Cross Site Scripting Vulnerability

Title: SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database-1.0-2023 XSS-Reflected Vulnerability Author: nu11secur1ty Vendor: https://technosmarter.com/ Software: https://github.com/technosmarter/SEO-friendly-blog-CMS-system-in-PHP-with-MYSQL-database Reference XSS:...

AI score: 7.1
Exploits: 0

Debian
added 2023/05/12 9:29 a.m., 31 views

[SECURITY] [DLA 3419-1] webkit2gtk security update

Debian LTS Advisory DLA-3419-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort May 12, 2023 https://wiki.debian.org/LTS ...

CVSS: 8.8 | AI score: 9 | EPSS: 0.00406
Exploits: 1

SUSE CVE
added 2023/03/07 3:13 a.m., 1 views

SUSE CVE-2023-25736

An invalid downcast from nsHTMLDocument to nsIContent could have led to undefined behavior. This vulnerability affects Firefox 110...

CVSS: 9.8 | AI score: 8.5 | EPSS: 0.00382
Exploits: 0 | References: 4

0day.today
added 2023/03/06 12:0 a.m., 485 views

Purchase Order Management 1.0 Cross Site Scripting Vulnerability

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload. Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Vendor:...

AI score: 6.7
Exploits: 0

Packet Storm
added 2023/03/06 12:0 a.m., 306 views

Purchase Order Management 1.0 Cross Site Scripting

Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering Author: nu11secur1ty Date: 03.06.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...

AI score: 7.4
Exploits: 0

SUSE CVE
added 2023/02/15 6:2 a.m., 1 views

SUSE CVE-2009-3050

Buffer overflow in the setpagesize function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file wit...

CVSS: 10 | AI score: 8.2 | EPSS: 0.01493
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 5:59 a.m., 3 views

SUSE CVE-2010-1388

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.0084
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 5:47 a.m., 2 views

SUSE CVE-2012-1944

The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to condu...

CVSS: 4.3 | AI score: 7.8 | EPSS: 0.00696
Exploits: 0 | References: 7

SUSE CVE
added 2023/02/15 5:22 a.m., 4 views

SUSE CVE-2015-0803

The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service use-after-free...

CVSS: 7.5 | AI score: 8.8 | EPSS: 0.01906
Exploits: 0 | References: 6

SUSE CVE
added 2023/02/15 5:14 a.m., 2 views

SUSE CVE-2015-7186

Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.00319
Exploits: 0 | References: 5