CS Money: Blind XSS on image upload

Summary: - The CSRF vulnerability make a request for support.cs.money/uploadfile; This uploadfile does not have csrf token/ origin/ reference verification! - The XSS allows to execute JS. The payload of the XSS stay in the param 'filename' of the CSRF request. Steps To Reproduce: XSS - use a prox...

Oracle Linux 7 : thunderbird (ELSA-2020-4163)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4163 advisory. 78.3.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.3.1-1 - Update to 78.3.1 build1 78.3.0-3 - Upda...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS. When an application is running in development mode, and attacker can send or embed in another page a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local...

Oracle Linux 8 : thunderbird (ELSA-2020-4155)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4155 advisory. 78.3.1-1.0.1 - Update to 68.12.0 build1 78.3.1-1 - Update to 78.3.1 build1 78.3.0-3 - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot...

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

Design/Logic Flaw

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

CVE-2020-25830

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

CVE-2020-25830

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

Design/Logic Flaw

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

CVE-2020-25830

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

Design/Logic Flaw

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...

CVE-2020-25830

An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bugactiongrouppage.php...

CVE-2020-25288

CVE-2020-25288 affects MantisBT before 2.24.3. When editing an issue in a project with a Custom Field using a crafted Regular Expression, improper escaping of the input’s pattern attribute can cause HTML injection and, if CSP allows, execution of arbitrary JavaScript. Impact is HTML injection/XSS...

CVE-2020-25288

An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input's pattern attribute allows HTML injection and, if CSP settings permit, execution of...

CVE-2019-20921

bootstrap-select before 1.13.6 allows Cross-Site Scripting XSS. It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser...

python: XSS vulnerability in the documentation XML-RPC server in server_title field

A reflected cross-site scripting XSS vulnerability was found in Python XML-RPC server. The servertitle field is not sufficiently sanitized allowing malicious JavaScript to be injected. Successful exploitation would allow a remote attacker to execute JavaScript code within the context of the...

Security Vulnerabilities fixed in Thunderbird 78.3 — Mozilla

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Thunderbird sometimes ran the...

Security Vulnerabilities fixed in Firefox ESR 78.3 — Mozilla

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site the one suffering from the open redirect rather than the site the file was actually downloaded from. Firefox sometimes ran the onload...

Mozilla Firefox ESR < 78.3

The version of Firefox ESR installed on the remote Windows host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-43 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a...

Mozilla Firefox ESR < 78.3

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-43 advisory. - When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting i...