5964 matches found
Cross-site Scripting (XSS)
Apache Deltaspike is vulnerable to cross-site scripting XSS. The application does not properly escape the windowId variable, allowing a malicious user to inject and execute arbitrary Javascript. The impact is limited because the size of the variable is cut off after 10 characters...
LavaLite Cross-Site Scripting Vulnerability
LavaLite is an open source lightweight CMS content management system. A cross-site scripting vulnerability exists in the log creation page in LavaLite version 5.2.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScrpt code...
BookStack Cross-Site Scripting Vulnerability
BookStack is a set of open source using PHP and Laravel to build wiki documentation platform. A cross-site scripting vulnerability exists in BookStack version 0.18.4. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...
Information disclosure
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'camefrom' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafte...
CVE-2017-1000482
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
PYSEC-2018-71
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
CVE-2017-1000482
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
PYSEC-2018-71
A member of the Plone 2.5-5.1rc1 site could set javascript in the homepage property of his profile, and have this executed when a visitor click the home page link on the author page...
CVE-2017-1000478
ELabftw 1.7.8 is vulnerable to a stored cross-site scripting (XSS) flaw in the experiment infos component. The issue arises from unsanitized input stored and executed in the browser, enabling arbitrary JavaScript execution and denial of service. No remediation or patch details are provided in the...
Invoice Ninja Cross-Site Scripting Vulnerability
Invoice Ninja is an open source financial system. The system is able to provide invoicing, collection and other functions. A cross-site scripting vulnerability exists in the invoice creation page in Invoice Ninja version 3.8.1. A remote attacker can exploit this vulnerability to cause a denial of...
Leafpub Cross-Site Scripting Vulnerability
Leafpub is an open source PHP and MySQL based code publishing tool . A cross-site scripting vulnerability exists in Leafpub version 1.2.0-beta6. A remote attacker can exploit this vulnerability to cause a denial of service and execute JavaScript code...
CVE-2017-7846
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...
MGASA-2017-0477 Updated thunderbird packages fix security vulnerabilities
Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...
Updated thunderbird packages fix security vulnerabilities
Multiple vulnerabilities have been fixed in thunderbird. JavaScript Execution via RSS in mailbox:// origin CVE-2017-7846. Local path string can be leaked from RSS feed CVE-2017-7847. RSS Feed vulnerable to new line Injection CVE-2017-7848. Mailsploit From address with encoded null character is cu...
UBUNTU-CVE-2017-7846
It is possible to execute JavaScript in the parsed RSS feed when RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...
Debian DLA-1223-1 : thunderbird security update
Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.5.2-1deb7u1. We recommend that you upgrade your thunderbi...
[SECURITY] [DLA 1223-1] thunderbird security update
Package : thunderbird Version : 1:52.5.2-1deb7u1 CVE ID : CVE-2017-7829 CVE-2017-7846 CVE-2017-7847 CVE-2017-7848 Multiple security issues have been found in the Mozilla Thunderbird mail client including information leaks, unintended JavaScript execution and sender address spoofing. For Debian 7...
openSUSE Security Update : Mozilla Thunderbird (openSUSE-2017-1419)
This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities : - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...
Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Windows
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...
Mozilla Thunderbird Security Advisories (MFSA2017-30, MFSA2017-30) - Mac OS X
Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...