5935 matches found

Cvelist
added 2025/05/30 12:26 p.m. · 15 views

CVE-2025-1484

A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the system. An attacker can use this vulnerability to construct a request that will cause JavaScript code supplied ...

6.5 CVSS · 0.00196 EPSS
Exploits: 0 · References: 1

CVE
added 2025/05/30 12:26 p.m. · 59 views

CVE-2025-1484

CVE-2025-1484 affects the Hitachi Asset Suite media upload component. If exploited, an attacker can craft a request that causes attacker-supplied JavaScript to execute in the victim’s browser within the application session, impacting confidentiality and integrity. Connected sources (Red Hat, NVD,...

6.5 CVSS · 6.6 AI score · 0.00196 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2025/05/30 12:0 a.m. · 10 views

RHEL 9 : thunderbird (RHSA-2025:8324)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8324 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

8.1 CVSS · 6.9 AI score · 0.00351 EPSS
Exploits: 0 · References: 9

RedHat Linux
added 2025/05/29 10:57 p.m. · 5 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.1 CVSS · 6.8 AI score · 0.00351 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/29 10:57 p.m. · 3 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1 CVSS · 7.5 AI score · 0.00351 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/29 9:30 p.m. · 5 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.1 CVSS · 6.8 AI score · 0.00351 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/29 9:30 p.m. · 3 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1 CVSS · 7.5 AI score · 0.00351 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2025/05/29 7:32 p.m. · 15 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.1 CVSS · 6.8 AI score · 0.00351 EPSS
Exploits: 0 · References: 5

Hacker One
added 2025/05/29 11:37 a.m. · 6 views

U.S. Dept Of Defense: Cross-Site Scripting (XSS) in ASP.NET via ResolveUrl on ███████

A Cross-Site Scripting XSS vulnerability was discovered in an ASP.NET web application. The issue was caused by improper handling of URLs passed to the ResolveUrl method, which failed to sanitize user-controlled input. This allowed the injection of arbitrary JavaScript payloads that could execute ...

6.3 AI score
Exploits: 0

SUSE Linux
added 2025/05/29 9:33 a.m. · 3 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

7.5 CVSS · 7.5 AI score · 0.00351 EPSS
Exploits: 0 · References: 10

OSV
added 2025/05/29 9:33 a.m. · 4 views

SUSE-SU-2025:01660-2 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

8.1 CVSS · 5.9 AI score · 0.00351 EPSS
Exploits: 0 · References: 6

Amazon
added 2025/05/29 12:0 a.m. · 8 views

Important: thunderbird

Issue Overview: Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This...

7.5 CVSS · 7.1 AI score · 0.00351 EPSS
Exploits: 0

Tenable Nessus
added 2025/05/29 12:0 a.m. · 7 views

RHEL 9 : thunderbird (RHSA-2025:8326)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8326 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

8.1 CVSS · 6.9 AI score · 0.00351 EPSS
Exploits: 0 · References: 9

Tenable Nessus
added 2025/05/29 12:0 a.m. · 10 views

RHEL 9 : thunderbird (RHSA-2025:8325)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8325 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

8.1 CVSS · 6.9 AI score · 0.00351 EPSS
Exploits: 0 · References: 9

Tenable Nessus
added 2025/05/29 12:0 a.m. · 11 views

Amazon Linux 2 : thunderbird (ALAS-2025-2859)

The version of thunderbird installed on the remote host is prior to 128.10.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2859 advisory. Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From...

8.1 CVSS · 6.8 AI score · 0.00351 EPSS
Exploits: 0 · References: 8

Cvelist
added 2025/05/28 1:24 p.m. · 17 views

CVE-2025-40651 Reflected Cross Site Scripting (XSS) in Real Easy Store

Reflected Cross-Site Scripting XSS vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal...

5.1 CVSS · 0.00432 EPSS
Exploits: 0 · References: 1

CVE
added 2025/05/28 1:24 p.m. · 50 views

CVE-2025-40651

Real Easy Store suffers a Reflected Cross-Site Scripting (XSS) via the keyword parameter in /index.php?a=search. An attacker can lure a victim to a crafted URL to execute JavaScript in the browser, potentially stealing session cookies or acting on behalf of the user. The CVSS data indicates a 5.1...

5.1 CVSS · 5.6 AI score · 0.00432 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/05/28 1:24 p.m. · 15 views

CVE-2025-40651 Reflected Cross Site Scripting (XSS) in Real Easy Store

Reflected Cross-Site Scripting XSS vulnerability in Real Easy Store. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the keyword parameter in /index.php?a=search. This vulnerability can be exploited to steal...

5.1 CVSS · 5.8 AI score · 0.00432 EPSS
Exploits: 0 · References: 1

Drupal
added 2025/05/28 12:0 a.m. · 27 views

COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-076

The COOKIES module protects users from executing JavaScript code provided by third parties, e.g., to display ads or track user data without consent. Each sub-module allows to include a specific third party service in the consent management, by controlling the execution of javascript. However, thi...

8.6 CVSS · 6.7 AI score · 0.00278 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/28 12:0 a.m. · 4 views

PT-2025-23084 · Unknown · Real Easy Store

Name of the Vulnerable Software and Affected Versions: Real Easy Store affected versions not specified Description: A Reflected Cross-Site Scripting XSS issue allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL using the keyword parameter in...

5.1 CVSS · 5.6 AI score · 0.00432 EPSS
Exploits: 0 · References: 5