firefox: DOM push subscription message could hang Firefox

The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...

firefox: DOM push subscription message could hang Firefox

The Mozilla Foundation's Security Advisory: By sending a specially crafted push message, a remote server could hang the parent process, causing the browser to become unresponsive...

CVE-2024-49233

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in MadrasThemes MAS Elementor allows DOM-Based XSS.This issue affects MAS Elementor: from n/a through 1.1.6...

The vulnerability of the Microsoft ActiveX object model in Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Microsoft ActiveX object model in Windows operating systems is related to buffer overflows in dynamic memory. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

WordPress Absolute Reviews plugin <= 1.1.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Criteria Name vulnerability discovered by Muhammad Adel ItsFadinG in WordPress Plugin Absolute Reviews versions = 1.1.3...

Malicious code in test-object-model (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19a8444231c11ecbd30418a30d5b3805f87015c6ca2683784be6685ef4c77c25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8975 Malicious code in test-object-model (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19a8444231c11ecbd30418a30d5b3805f87015c6ca2683784be6685ef4c77c25 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

PT-2024-9549 · Adobe · Experience Manager

Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a DOM-based Cross-Site Scripting XSS vulnerability. It could be exploited by an attacker to execute arbitrary code in the context of the victim's browse...

The vulnerability of the DCOM Remote Cross-Session Activation component of the Windows operating system allows attackers to increase their privileges.

The vulnerability of the DCOM Remote Cross-Session Activation component in the Windows operating system is related to access control deficiencies. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

CVE-2024-36239

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

CVE-2024-36231

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue typically...

CVE-2024-36228

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

CVE-2024-26053

Adobe Experience Manager versions 6.5.20 and earlier Answer: are affected by a DOM-based Cross-Site Scripting XSS vulnerability. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser session. Exploitation of this issue requires user...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager 跨站脚本漏洞

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Odobie Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The solution supports mobile content management, marketing and sales campaign management, and multi-site management. A...

CVE-2024-27202

A DOM-based cross-site scripting XSS vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2024-33648

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kemory Grubb Recencio Book Reviews allows DOM-Based XSS.This issue affects Recencio Book Reviews: from n/a through 1.66.0...