398 matches found
The vulnerability of the Apache OpenOffice office software, related to deficiencies in access control, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Apache OpenOffice office software is related to deficiencies in handling hyperlinks. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information through specially created documents containing hyperlinks...
Vulnerability fixed in LibreOffice
LibreOffice has fixed a vulnerability. A malicious party can bypass the deny-list in the Windows version and execute arbitrary code under user privileges by inserting a rogue hyperlink into a document. The Document Foundation has released updates to fix the vulnerability in LibreOffice...
Froala Editor Cross-Site Scripting Vulnerability
Froala Editor is a Web-based WYSIWYG rich text editor. A cross-site scripting vulnerability exists in the hyperlink creation module in Froala Editor version 3.2.6. The vulnerability can be exploited to conduct cross-site scripting attacks via specially crafted base64 strings...
Cross site scripting
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module...
CVE-2021-30109
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module...
Froala Editor Cross-Site Scripting Vulnerability
Froala Editor is a Web-based WYSIWYG rich text editor. A cross-site scripting vulnerability exists in the hyperlink creation module in Froala Editor version 3.2.6. The vulnerability can be exploited to conduct cross-site scripting attacks via specially crafted base64 strings...
ClearURLs - An Add-On Based On The New WebExtensions Technology And Will Automatically Remove Tracking Elements From URLs To Help Protect Your Privacy
ClearURLs is an add-on based on the new WebExtensions technology and is optimized for Firefox and Chrome based browsers. This extension will automatically remove tracking elements from URLs to help protect your privacy when you browse the Internet, which is regularly updated by us and can be...
GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit
Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.info Software Link:...
GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting
Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...
UBUNTU-CVE-2021-3377
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0...
CVE-2021-1221
A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this...
CVE-2021-1221 Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability
A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this...
Cisco Webex Meetings and Cisco Webex Meetings Server Software Hyperlink Injection Vulnerability
A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this...
All versions of Apache OpenOffice through 4.1.9 can open non-http(s) hyperlinks. If the link is specifically crafted this could lead to untrusted code execution.
The Apache OpenOffice project reports: The project received a report that all versions of Apache OpenOffice through 4.1.8 can open non-https hyperlinks. The problem has existed since about 2006 and the issue is also in 4.1.9. If the link is specifically crafted this could lead to untrusted code...
ismartgate PRO Clickjacking Vulnerability
iSmartGate is a smart garage door opener system. A clickjacking vulnerability exists in ismartgate PRO, which allows remote attackers to exploit the vulnerability to submit a special URL request that can be parsed by the user, which can be used to gain access to sensitive information, among other...
Shopify: Script Editor preview token still working with uninstalled application, even for unpublished script
Within the Script Editor application, it is possible to preview a script on the storefront and proceed to purchase. Once the user clicks on the preview link, it opens https://shop.myshopify.com/admin/scripts/preview?scriptid=scriptid which then generates a preview token to be used by the storefront...
Vulnerability fixed in Grafana
A vulnerability has been fixed in Grafana. The vulnerability allows a remote malicious party to execute arbitrary code in the victim's browser. The malicious party must entice the victim to follow a rogue hyperlink to do so. Grafana has released updates to fix...
Spear-Phishing Attack Spoofs EE To Target Executives
Researchers warn of an ongoing spear-phishing attack mimicking a well-known telecommunications company, EE, to snatch up corporate executives’ credentials and payment details. Highly targeted emails have been sent to a few executives – including one at a leading financial firm – purporting to be...
October 14, 2014 update for SharePoint Server 2013 (KB2889930)
October 14, 2014 update for SharePoint Server 2013 (KB2889930). This article describes update KB2889930 for Microsoft SharePoint Server 2013 that was released on October 14, 2014. Improvements and Fixes: Fixes the following issue: Assume that you insert a shape that contains a hyperlink into a drawin...