249 matches found

Debian CVE
added 2025/02/15 1:17 a.m. · 8 views

CVE-2025-0996

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page. Chromium security severity: High...

5.4 CVSS · 7.4 AI score · 0.00089 EPSS
Exploits 0
RedHat Linux
added 2025/02/10 1:5 a.m. · 14 views

Moderate: Red Hat Security Advisory: doxygen security update

An update for doxygen is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

6.9 CVSS · 7.2 AI score · 0.34098 EPSS
Exploits 6 · References 2
Vulnrichment
added 2025/01/08 6:42 p.m. · 22 views

CVE-2025-0291

Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.3 AI score · 0.12088 EPSS
Exploits 1 · References 2
OSV
added 2024/12/18 10:15 p.m. · 11 views

CVE-2024-12694

Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8 CVSS · 6.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2024/11/25 12:0 a.m. · 2 views

PT-2024-24595 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.41.1. Description: The issue concerns several cross-site scripting vulnerabilities in the deno doc crate, leading to Self-XSS when using deno doc --html. Specifically, there are two vulnerabilities: 1. The generated...

5.4 CVSS · 6.7 AI score · 0.00091 EPSS
Exploits 0 · References 8
Github Security Blog
added 2024/10/31 9:31 p.m. · 9 views

Glossarizer Cross-site Scripting vulnerability

Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append an XSS payload to a...

9.9 CVSS · 5.8 AI score · 0.00152 EPSS
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2024/10/16 12:0 a.m. · 13 views

CVE-2024-46606

A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field...

0.00291 EPSS
Exploits 1 · References 4
CNNVD
added 2024/08/21 12:0 a.m. · 2 views

Atlassian Confluence Data Center and Server Security Vulnerability

Atlassian Confluence Data Center and Server is a data center of Atlassian Australia. A security vulnerability exists in Atlassian Confluence Data Center and Server. An attacker could exploit this vulnerability to execute arbitrary HTML or JavaScript code on the victim's browser. The following...

8.2 CVSS · 7 AI score · 0.00673 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2024/07/10 12:0 a.m. · 1 views

The vulnerability of the MSHTML platform in Microsoft Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the MSHTML platform in Microsoft Windows operating systems is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, provided that the user opens a specially crafted file...

7.6 CVSS · 6.4 AI score · 0.92959 EPSS
Exploits 0 · References 2
CNVD
added 2024/06/04 12:0 a.m. · 10 views

Google Chrome Code Execution Vulnerability (CNVD-2024-26523)

Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 125.0.6422.141, which can be exploited by remote attackers to cause heap corruption via specially crafted HTML pages...

8.8 CVSS · 7 AI score · 0.00334 EPSS
Exploits 1 · References 1
Vulnrichment
added 2024/01/03 7:16 p.m. · 13 views

CVE-2023-5880 Cross-site Scripting (XSS) injected into Aladdin Connect garage door opener (Retrofit-Kit) configuration setup webserver console via broadcast SSID name

When the Genie Company Aladdin Connect garage door opener Retrofit-Kit Model ALDCM is placed into configuration mode, the web server's “Garage Door Control Module Setup” page is vulnerable to XSS via a broadcast SSID name containing malicious code with client-side JavaScript and/or HTML. This allo...

5.8 AI score · 0.00688 EPSS
Exploits 0 · References 1
BDU FSTEC
added 2023/12/14 12:0 a.m. · 1 views

The vulnerability of the MSHTML platform in Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the MSHTML platform in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted email...

8.1 CVSS · 8.5 AI score · 0.15543 EPSS
Exploits 0 · References 4
OSV
added 2023/11/21 9:53 p.m. · 20 views

CVE-2023-48302 Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the...

3.5 CVSS · 5.3 AI score · 0.00386 EPSS
Exploits 0 · References 5
Fortinet
added 2023/10/10 12:0 a.m. · 29 views

Protect

An improper neutralization of script-related HTML tags in a web page vulnerability (CWE-80) in FortiOS may allow a remote authenticated attacker to inject script-related HTML tags via the SAML and Security Fabric components...

4.9 CVSS · 6.5 AI score · 0.00124 EPSS
Exploits 0 · Affected Software 1
Veracode
added 2023/08/22 4:7 p.m. · 22 views

Authorization Bypass

chromium is vulnerable to Authorization Bypass. By using a specially created HTML page, a remote attacker is able to alter the contents of the Omnibox URL bar...

6.5 CVSS · 6.7 AI score · 0.00392 EPSS
Exploits 0 · References 7 · Affected Software 1
Prion
added 2023/08/15 6:15 p.m. · 21 views

Design/Logic Flaw

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Chromium security severity: Medium...

5 CVSS · 5.5 AI score · 0.00049 EPSS
Exploits 0 · References 6 · Affected Software 3
Vulnrichment
added 2023/08/08 6:31 p.m. · 11 views

CVE-2023-39518 social-media-skeleton stored Cross-site Scripting vulnerability

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3...

5.4 CVSS · 6 AI score · 0.01173 EPSS
Exploits 0 · References 3
Prion
added 2023/06/19 6:15 p.m. · 9 views

Design/Logic Flaw

PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious that looks like xss could have been used to r...

4.9 CVSS · 5.5 AI score · 0.00119 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2023/03/06 12:0 a.m. · 1 views

The vulnerability of the MSHTML platform in Microsoft Windows operating systems allows a hacker to execute arbitrary code.

The vulnerability of the MSHTML platform in Microsoft Windows operating systems is related to improper code generation management. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8 CVSS · 7.6 AI score · 0.01083 EPSS
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 4:30 a.m. · 1 views

SUSE CVE-2018-6111

An object lifetime issue in the developer tools network handler in Google Chrome prior to 66.0.3359.117 allowed a local attacker to execute arbitrary code via a crafted HTML page...

8.8 CVSS · 8.8 AI score · 0.00682 EPSS
Exploits 0 · References 6