5 matches found
CVE-2024-56173
Optimizely Configured Commerce (before 5.2.2408) is affected by a stored XSS vulnerability: malicious payloads can be stored and later executed in users’ browsers via JavaScript in an SVG document under certain conditions. Root cause: XSS in SVG handling. Impact is browser-side compromise of affe...
UBUNTU-CVE-2022-42890
A vulnerability in Batik of Apache XML Graphics allows an attacker to run Java code from untrusted SVG via JavaScript. This issue affects Apache XML Graphics prior to 1.16. Users are recommended to upgrade to version 1.16...
MGASA-2015-0115 Updated firefox packages fix security vulnerabilities
A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox...
Ubuntu Update for firefox regression USN-398-4
Ubuntu Update for Linux kernel vulnerabilities USN-398-4 OpenVAS Vulnerability Test $Id: gbubuntuUSN3984.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox regression USN-398-4 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
opera -- multiple vulnerabilities
iDefense reports: The vulnerability specifically exists due to Opera improperly processing a JPEG DHT marker. The DHT marker is used to define a Huffman Table which is used for decoding the image data. An invalid number of index bytes in the DHT marker will trigger a heap overflow with partially...