1271 matches found
beets has a Cross-site Scripting vulnerability
During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...
DOMXSSScanner
DOM XSS Scanner & PoC Generator Developed by Vishal Bharad...
FreeBSD : Mozilla -- Mitigation bypass (1d3f0d87-4307-11f1-a627-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 1d3f0d87-4307-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2025067 reports: Mitigation bypass in the DOM: Security...
firefox security update
An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...
firefox: thunderbird: Mitigation bypass in the DOM: Security component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...
firefox: thunderbird: Use-after-free in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the DOM: Core & HTML component...
firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...
firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Incorrect boundary conditions in the DOM: Device Interfaces component...
xss
CSS Style Sheet Mutation alert"This is a test" alert"...
secops-ai-threat-analyzer
🛡️ SecOpsAI: Threat Analysis & Adaptive Security Engine An e...
OESA-2026-2107 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...
Infinite loop
Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop via custom sanitization policies or programmatic DOM manipulation. An attacker can inject and execute arbitrary scripts, cause resource loading, or trigger externa...
Uncontrolled Recursion
Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to Uncontrolled Recursion in the recursive processing of deeply nested XML documents by several DOM-related operations, including...
XML Injection
Overview xmldom is an A pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. Affected versions of this package are vulnerable to XML Injection via the createProcessingInstruction function. An attacker can inject arbitrary XML nodes into the serialized output...
CVE-2026-3837 Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...
CVE-2026-3673
CVE-2026-3673 affects Frappe Framework 16.10.10. An authenticated attacker can store a crafted value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpolates tag content into HTML attributes and element c...
SUSE CVE-2026-6746
Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...