5930 matches found
SUSE SLES12 Security Update : yelp-xsl (SUSE-SU-2025:02153-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:02153-1 advisory. - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Tenable has...
Security update for yelp-xsl
This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
SUSE-SU-2025:02153-1 Security update for yelp-xsl
This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...
CVE-2025-52561
HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the pdfjs-1.4.20 component under public/plugins/. An attacker can execute arbitrary JavaScript code in the context of the user's browser by injecting malicious scripts into PDF files rendered by the...
CVE-2025-47943
CVE-2025-47943 affects Gogs (self-hosted Git service). The vulnerability is a stored XSS in the PDF rendering path, caused by an outdated pdfjs-1.4.20 component located under public/plugins/. Affected versions are 0.14.0+dev and prior. The issue has been fixed in gogs.io/gogs with version 0.13.3 ...
CVE-2025-34032
A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...
PT-2025-26659 · Moodle · Moodle Lms Jmol Plugin
Name of the Vulnerable Software and Affected Versions: Moodle LMS Jmol plugin versions 6.1 and prior Description: A reflected cross-site scripting XSS issue exists due to the application's failure to properly sanitize user input before embedding it into the HTTP response. This allows an attacker ...
CVE-2025-52561
HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...
CVE-2025-52561 HTMLSanitizer.jl Possible XSS
HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...
CVE-2025-52561 HTMLSanitizer.jl Possible XSS
HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...
CVE-2025-52561 HTMLSanitizer.jl Possible XSS
HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could...
CVE-2025-48700
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...
CVE-2025-48700
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...
CVE-2025-48700
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...
CVE-2025-50183
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in...
CVE-2025-52557
Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81...
PT-2025-26606
Name of the Vulnerable Software and Affected Versions Zimbra Collaboration ZCS versions 8.8.15, 9.0, 10.0 and 10.1 Description A Cross-Site Scripting XSS issue exists in the Zimbra Classic UI due to insufficient sanitization of HTML content. This allows attackers to execute arbitrary JavaScript...
CVE-2025-48700
An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting XSS vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...
CVE-2025-1987
A Cross-Site Scripting XSS vulnerability has been identified in Psono-Client’s handling of vault entries of type websitepassword and bookmark, as used in Bitdefender SecurePass. The client does not properly sanitize the URL field in these entries. As a result, an attacker can craft a malicious...