ALPINE-CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

DEBIAN-CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

UBUNTU-CVE-2023-39333

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...

The vulnerability of the Tinode Chat messaging platform, which allows attackers to perform cross-site scripting attacks

The vulnerability of the Tinode Chat messaging platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by injecting specially crafted JavaScript code...

CVE-2024-8328 HWA JIUH DIGITAL TECHNOLOGY Easy test Online Learning and Testing Platform - Reflected XSS

Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks...

CVE-2024-8328

CVE-2024-8328 affects the Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY. The vulnerability is a failure to properly validate a specific page parameter, enabling remote attackers with regular privileges to inject arbitrary JavaScript and perform a reflected cross-...

CVE-2024-45045

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

CVE-2024-45045

CVE-2024-45045 affects mobile variants (Android/iOS) of Collabora Online, based on LibreOffice. The vulnerability enables injection of JavaScript through URL-encoded values in links within documents, exploiting the Android JavaScript interface which can access internal functions. Non-mobile varia...

CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

CVE-2024-45045 JavaScript Injection via url encoded values in links in Collabora Office Android

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile Android/iOS device variants of Collabora Online it was possible to inject JavaScript via url encoded values in links contained in documents. Since the Android JavaScript interface allows access ...

Cross Site Scripting

phpoffice/phpspreadsheet is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to insufficient sanitization of spreadsheet styling information by \PhpOffice\PhpSpreadsheet\Writer\Html, which fails to remove or neutralize potentially harmful content before rendering it in HTML. It...

PT-2024-38943 · Hwa Jiuh Digital Technology · Easy Test Online Learning/Testing Platform

Name of the Vulnerable Software and Affected Versions: Easy test Online Learning and Testing Platform affected versions not specified Description: The Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing...

PT-2024-31396 · Collabora · Collabora Online

Name of the Vulnerable Software and Affected Versions: Collabora Online versions for mobile devices Android/iOS Description: Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile device variants, it was possible to inject JavaScript via URL encoded...

CVE-2024-45046

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker...

CVE-2024-45046 PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information

PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. In affected versions \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling information such as font names, allowing an attacker to inject arbitrary JavaScript on the page. As a result an attacker...

PT-2024-31397 · Phpoffice · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PHPSpreadsheet versions prior to 2.1.0 Description: The issue concerns the PhpOfficePhpSpreadsheetWriterHtml component, which fails to sanitize spreadsheet styling information, such as font names. This allows an attacker to inject arbitrary...

[SECURITY] [DLA 3856-1] python-html-sanitizer security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3856-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb August 26, 2024 https://wiki.debian.org/LTS -...

CVE-2024-41845 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

CVE-2024-41843 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...