12 matches found
Exploit for CVE-2026-29971
CVE-2026-29971 An attacker can execute arbitrary JavaScript in...
Cross-site Scripting (XSS)
Overview: sylius/sylius is a platform for PHP, based on the Symfony framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the ApiLoginController process. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious conten...
Sylius Cross-Site Scripting Vulnerability
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a cross-site scripting vulnerability. This vulnerability arises from the use of the innerHTML method to render the message field in the login form during checkout, which...
EUVD-2024-45527
Malicious code in bioql PyPI...
Reflected Cross-Site Scripting (Reflected XSS)
silverstripe/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to the "dev" environment mode improperly rendering error messages, allowing an attacker to execute XSS payloads by providing a malicious URL...
FreeBSD : element-web -- several vulnerabilities (ab4e6f65-a142-11ef-84e9-901b0e9408dc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ab4e6f65-a142-11ef-84e9-901b0e9408dc advisory. Element team reports: Versions of Element Web and Desktop earlier than 1.11.85 do not check if...
CVE-2024-51750
CVE-2024-51750 affects Element Web/Desktop prior to version 1.11.85. A malicious homeserver can send invalid messages over federation, which can prevent rendering of single messages or the entire room containing them. The issue is documented across multiple feeds, with remediation implemented in ...
laminas-form Cross-Site Scripting Vulnerability
laminas-form is an open source library, mainly used as a bridge between the domain model and the view layer. It consists of a thin object layer representing form elements, an InputFilter, and a handful of methods for binding data to the form and attaching objects. A security vulnerability exist...
CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering...
CVE-2015-8477
Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering...
FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11407/info FuseTalk Forum is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks. The cause of these issues is insufficient...
Mandrake Linux Security Advisory : cairo (MDKSA-2006:057)
GNOME Evolution allows remote attackers to cause a denial of service (persistent client crash) via an attached text file that contains 'Content-Disposition: inline' in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually...