5777 matches found

Prion
added 2018/01/09 10:29 p.m., 11 views

Cross site scripting

Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code...

CVSS 3.5, AI score 5.4, EPSS 0.00319
Exploits 0, References 1, Affected Software 1
RedhatCVE
added 2018/01/09 5:50 a.m., 25 views

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set JavaScript in the homepage property of his profile, and have this executed when a visitor clicks the home page link on the author page...

CVSS 5.4, AI score 1.2, EPSS 0.00287
Exploits 0, References 1
RedHat Linux
added 2018/01/08 4:49 a.m., 1 views

Mozilla: JavaScript Execution via RSS in mailbox:// origin

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVSS 8.8, AI score 7.5, EPSS 0.01597
Exploits 1, References 5
Veracode
added 2018/01/05 8:28 a.m., 15 views

Cross-site Scripting (XSS)

Apache Deltaspike is vulnerable to cross-site scripting (XSS). The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary JavaScript. The impact is limited because the size of the variable is cut off after 10 characters...

CVSS 6.1, AI score 6.2, EPSS 0.01817
Exploits 1, References 7, Affected Software 2
CNVD
added 2018/01/05 12:0 a.m., 1 views

LavaLite Cross-Site Scripting Vulnerability

LavaLite is an open source lightweight CMS (content management system). A cross-site scripting vulnerability exists in the log creation page in LavaLite version 5.2.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...

CVSS 5.4, AI score 6.5, EPSS 0.00296
Exploits 0, References 1
CNVD
added 2018/01/04 12:0 a.m., 3 views

BookStack Cross-Site Scripting Vulnerability

BookStack is an open source wiki documentation platform built with PHP and Laravel. A cross-site scripting vulnerability exists in BookStack version 0.18.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...

CVSS 5.4, AI score 6.5, EPSS 0.0032
Exploits 1, References 1
NVD
added 2018/01/03 6:29 p.m., 15 views

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set JavaScript in the homepage property of his profile, and have this executed when a visitor clicks the home page link on the author page...

CVSS 5.4, AI score 5.6, EPSS 0.00287
Exploits 0, References 1
PyPA
added 2018/01/03 6:29 p.m., 4 views

PYSEC-2018-71

A member of the Plone 2.5-5.1rc1 site could set JavaScript in the homepage property of his profile, and have this executed when a visitor clicks the home page link on the author page...

CVSS 5.4, AI score 6.8, EPSS 0.00287
Exploits 0, References 1, Affected Software 1
Prion
added 2018/01/03 6:29 p.m., 17 views

Information disclosure

When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'camefrom' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafte...

CVSS 5.8, AI score 6.1, EPSS 0.00197
Exploits 0, References 1, Affected Software 1
OSV
added 2018/01/03 6:29 p.m., 19 views

CVE-2017-1000482

A member of the Plone 2.5-5.1rc1 site could set JavaScript in the homepage property of his profile, and have this executed when a visitor clicks the home page link on the author page...

CVSS 5.4, AI score 5.7
Exploits 0, References 1
OSV
added 2018/01/03 6:29 p.m., 20 views

PYSEC-2018-71

A member of the Plone 2.5-5.1rc1 site could set JavaScript in the homepage property of his profile, and have this executed when a visitor clicks the home page link on the author page...

CVSS 5.4, AI score 1.2, EPSS 0.00287
Exploits 0, References 1
CVE
added 2018/01/03 6:0 p.m., 40 views

CVE-2017-1000478

ELabftw 1.7.8 is vulnerable to a stored cross-site scripting (XSS) flaw in the experiment infos component. The issue arises from unsanitized input stored and executed in the browser, enabling arbitrary JavaScript execution and denial of service. No remediation or patch details are provided in the...

CVSS 5.4, AI score 5.5, EPSS 0.0032
Exploits 1, References 1, Affected Software 1
CNVD
added 2018/01/03 12:0 a.m., 2 views

Leafpub Cross-Site Scripting Vulnerability

Leafpub is an open source PHP and MySQL based code publishing tool. A cross-site scripting vulnerability exists in Leafpub version 1.2.0-beta6. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...

CVSS 5.4, AI score 6.6, EPSS 0.00296
Exploits 0, References 1
CNVD
added 2018/01/03 12:0 a.m., 2 views

Invoice Ninja Cross-Site Scripting Vulnerability

Invoice Ninja is an open source financial system. The system is able to provide invoicing, collection and other functions. A cross-site scripting vulnerability exists in the invoice creation page in Invoice Ninja version 3.8.1. A remote attacker can exploit this vulnerability to cause a denial of...

CVSS 5.4, AI score 6.4, EPSS 0.00233
Exploits 1, References 1
RedhatCVE
added 2018/01/02 9:20 a.m., 26 views

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVSS 8.8, AI score 3.9, EPSS 0.01597
Exploits 1, References 2
OSV
added 2017/12/31 12:10 a.m., 7 views

MGASA-2017-0477 Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...

CVSS 8.8, AI score 7, EPSS 0.01887
Exploits 1, References 3
Mageia
added 2017/12/31 12:10 a.m., 56 views

Updated thunderbird packages fix security vulnerabilities

Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...

CVSS 8.8, AI score 7, EPSS 0.01887
Exploits 1, References 2
OSV
added 2017/12/29 12:0 a.m., 1 views

UBUNTU-CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVSS 8.8, AI score 7.3, EPSS 0.01283
Exploits 0, References 4
Tenable Nessus
added 2017/12/28 12:0 a.m., 28 views

Debian DLA-1223-1 : thunderbird security update

Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.5.2-1deb7u1. We recommend that you upgrade your thunderbi...

CVSS 8.8, AI score 6.9, EPSS 0.01887
Exploits 1, References 6
Debian
added 2017/12/27 5:5 p.m., 26 views

[SECURITY] [DLA 1223-1] thunderbird security update

Package: thunderbird
Version: 1:52.5.2-1deb7u1
CVE ID: CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848

Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7...

CVSS 8.8, AI score 6.8, EPSS 0.01887
Exploits 1