47 matches found
EUVD-2026-28127
Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
USN-8089-2 golang-golang-x-net-dev vulnerabilities
USN-8089-1 fixed vulnerabilities in Go Networking. This update provides the corresponding update to code vendored in golang-golang-x-net-dev. Original advisory details: Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go...
InvoiceShelf 代码问题漏洞
InvoiceShelf is an open-source invoice and expense management application developed by InvoiceShelf. Versions of InvoiceShelf prior to 2.2.0 had code vulnerabilities. These vulnerabilities stemmed from uncleaned HTML provided by users in the payment receipt PDF generation module, which could lead...
GitLab 安全漏洞
GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. Security vulnerabilities exist in versions of GitLab EE 15.4 to 18.8.7,...
Ubuntu 22.04 LTS / 24.04 LTS : Go Networking vulnerabilities (USN-8089-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8089-1 advisory. Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could ha...
USN-8089-1: Go Networking vulnerabilities
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LT...
CVE-2020-37178 KeePass 2.44 - Denial of Service (PoC)
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...
CTERA Portal 安全漏洞
CTERA Portal is an enterprise-grade cloud data management platform from CTERA. A security vulnerability exists in Ctera Portal version 8.1.x, which stems from improper handling of HTML files and could lead to server-side request forgery...
EUVD-2021-25584
Malware in sbrugna...
Cross-site Scripting
Mavo is vulnerable to Cross-site Scripting. The vulnerability is due to improper handling of HTML elements, allowing attackers to inject a crafted element and execute arbitrary code...
CVE-2024-47604
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser...
CVE-2024-47604
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser...
PT-2024-24611 · Tcpdf +1 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.7.4 Description: The issue is related to how TCPDF handles calls that use HTML syntax. This mishandling can potentially lead to security issues. Recommendations: For versions prior to 6.7.4, update to version 6.7.4 o...
USN-6717-1 thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...
Mozilla: Improper handling of html and body tags enabled CSP nonce leakage
The Mozilla Foundation Security Advisory describes this flaw as: Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies...
USN-6580-1 w3m vulnerability
It was discovered that w3m incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code...
SUSE-SU-2023:3701-1 Security update for go1.21
This update for go1.21 fixes the following issues: Update to go1.21.1 bsc1212475. - CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template bsc1215084. - CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template...