
3946 matches found

NVD
added 2021/12/08 10:15 p.m., 13 views

CVE-2021-43531

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3, EPSS: 0.00329
Exploits: 0, References: 2

UbuntuCve
added 2021/12/08 10:15 p.m., 26 views

CVE-2021-43531

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00329
Exploits: 0, References: 4

Prion
added 2021/12/08 10:15 p.m., 22 views

Design/Logic Flaw

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3, AI score: 4.4, EPSS: 0.00528
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2021/12/08 10:15 p.m., 5 views

UBUNTU-CVE-2021-43531

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. If the Web Extension lacked the WebRequest permission for the hosts involved in the redirect, this would be a same-origin-violation leaking data the Web Extension should...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00329
Exploits: 0, References: 5

OSV
added 2021/12/08 10:15 p.m., 6 views

UBUNTU-CVE-2021-43532

The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00528
Exploits: 0, References: 5

CVE
added 2021/12/08 9:20 p.m., 82 views

CVE-2021-43532

Summary: CVE-2021-43532 affects Firefox prior to 94 and relates to the Copy Image Link context menu. The bug allowed copying the final image URL after redirects, enabling token theft if a user pasted the URL back into a page and the URL leaked authentication tokens. The underlying issue involved ...

CVSS: 6.1, AI score: 4.6, EPSS: 0.00528
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2021/12/08 9:20 p.m., 20 views

CVE-2021-43532

The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an...

CVSS: 6.1, AI score: 4.9, EPSS: 0.00528
Exploits: 0

Microsoft KB
added 2021/11/22 12:00 a.m., 3 views

November 22, 2021—KB5007266 (OS Build 17763.2330) Preview

November 22, 2021—KB5007266 (OS Build 17763.2330) Preview. 11/9/21 IMPORTANT: Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a preview release (known as a “C” release) for the month of December 2021. There will be a monthly security release known as ...

AI score: 6.7
Exploits: 0

OSV
added 2021/11/17 11:15 a.m., 1 view

CVE-2021-24815

The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...

CVSS: 4.8, AI score: 5.8
Exploits: 0, References: 1

OSV
added 2021/11/12 10:15 p.m., 4 views

CVE-2021-3519

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes...

CVSS: 6.8, AI score: 5.8
Exploits: 0, References: 1

Prion
added 2021/11/12 10:15 p.m., 22 views

Design/Logic Flaw

A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes...

CVSS: 6.9, AI score: 6.5, EPSS: 0.00231
Exploits: 0, References: 1, Affected Software: 59

CVE
added 2021/11/12 10:05 p.m., 96 views

CVE-2021-3519

CVE-2021-3519 affects some Lenovo Desktop models where enabling the BIOS setting “BIOS Password At Boot Device List” (Yes) can allow unauthorized access to the boot menu. The vulnerability is described as a physical-access issue with impact on confidentiality, integrity, and availability (CVSSv3....

CVSS: 6.9, AI score: 6.5, EPSS: 0.00231
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2021/11/12 12:00 a.m., 2 views

ThinkStation Authorization Issue Vulnerability

Lenovo ThinkStation is a desktop workstation from the Chinese company Lenovo. An authorization issue vulnerability exists in ThinkStation, which can be exploited to gain unauthorized access to the boot menu when "BIOS Password At Boot Device List" is set to True...

CVSS: 6.9, AI score: 6.7, EPSS: 0.00231
Exploits: 0, References: 3

OpenVAS
added 2021/11/11 12:00 a.m., 17 views

Mozilla Firefox Security Advisory (MFSA2015-49) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

CVSS: 4.3, AI score: 9.5, EPSS: 0.01904
Exploits: 0, References: 3

CNVD
added 2021/11/04 12:00 a.m., 13 views

WordPress Restaurant Menu by MotoPress Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blog sites on servers with PHP and MySQL. WordPress Restaurant Menu by MotoPress Plugin in version 2.4.0 and earlier has a cross-site scripting...

CVSS: 4.8, AI score: 2, EPSS: 0.00622
Exploits: 2, References: 1

vulnersOsv
added 2021/11/03 5:33 p.m., 2 views

com.alibaba.rsocket:alibaba-broker-server (>=1.0.0.M1 <=1.0.0.RC3), com.dorkbox.GradleVaadin:com.dorkbox.GradleVaadin.gradle.plugin (=0.1) +108 more potentially affected by CVE-2021-33611 via org.webjars.bowergithub.vaadin:vaadin-menu-bar (>=1.0.3 <=1.2.0)

org.webjars.bowergithub.vaadin:vaadin-menu-bar MAVEN version =1.0.3, =1.0.0.M1, =1.0, =14.0.0, =0.0.3, =1.0.0, =0.3.1, =1.0.0, =1.0.0, =0.5.1, =2.0.1, =2.0.1, =2.0.1, =2.0.1, =2.2.3 and more Source cves: CVE-2021-33611 Source advisory: OSV:GHSA-93C4-VF86-3RJ7...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00955
Exploits: 1

GitHub Security Blog
added 2021/11/03 5:33 p.m., 76 views

Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00955
Exploits: 1, References: 5, Affected Software: 2

OSV
added 2021/11/03 5:33 p.m., 0 views

GHSA-93C4-VF86-3RJ7 Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

CVSS: 6.1, AI score: 6, EPSS: 0.00955
Exploits: 1, References: 5

Veracode
added 2021/11/03 4:34 a.m., 23 views

Cross-site Scripting (XSS)

vaadin-menu-bar is vulnerable to cross-site scripting. The vulnerability exists due to the lack of output sanitization in test sources, which allows an attacker to execute malicious javascript in the browser by opening the crafted URL...

CVSS: 6.1, AI score: 1.5, EPSS: 0.00955
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2021/11/02 10:15 a.m., 11 views

CVE-2021-33611

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL...

CVSS: 6.1, EPSS: 0.00955
Exploits: 1, References: 2