5006 matches found
CVE-2020-9758
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 Helpdesk. A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level...
CVE-2020-9758
LiveZilla Live Chat 8.0.1.3 (Helpdesk) is affected by CVE-2020-9758 due to a blind JavaScript injection in chat.php (name parameter). This stored XSS can reveal usernames/passwords stored in the database via the mobile/chat URI (lgn/psswrd), enabling privilege escalation from unauthenticated to u...
UBUNTU-CVE-2020-9281
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...
CVE-2020-9371
The CVE refers to the WordPress plugin Appointment Booking Calendar (cpabc_appointments.php). A Stored XSS exists in the Calendar Name input, allowing injection of arbitrary JavaScript/HTML in versions prior to 1.3.35. The vulnerability is triggered through normal admin functionality when creatin...
CentOS: Security Advisory for thunderbird (CESA-2020:0574)
The remote host is missing an update for the...
CentOS 7 : thunderbird (RHSA-2020:0576)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0576 advisory. - When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects...
thunderbird security update
CentOS Errata and Security Advisory CESA-2020:0576. An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Input validation
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of ...
Envira Photo Gallery Cross-Site Scripting Vulnerability
WordPress plugin Envira Photo Gallery is a gallery plugin. A cross-site scripting vulnerability exists in Envira Photo Gallery 1.7.6 and earlier versions. An attacker can exploit this vulnerability to inject arbitrary JavaScript code that is viewed by another user...
Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200224)
Security Fixes: Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800); Mozilla: Out-of-bounds read when processing certain email messages (CVE-2020-6793); Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords...
CVE-2020-9335
Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...
CVE-2020-9334
A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...
Cross-Site Scripting (XSS)
discord-markdown is vulnerable to cross-site scripting (XSS). The markdown is not properly sanitized, allowing injection of arbitrary JavaScript into any website using discord-markdown with user-generated markdown...
RHEL 7 : thunderbird (RHSA-2020:0576)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0576 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Security Fixes: Mozilla:...
Mozilla: Incorrect parsing of template tag could result in JavaScript injection
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...