277 matches found

Tenable Nessus
added 2022/01/13 12:0 a.m. · 26 views

Debian DSA-5042-1 : epiphany-browser - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5042 advisory. - XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS...

6.1 CVSS · 6.1 AI score · 0.01485 EPSS
Exploits 4 · References 11

Veracode
added 2021/12/21 1:33 p.m. · 18 views

Cross-site Scripting (XSS)

epiphany is vulnerable to cross-site scripting. The vulnerability exists because the server's suggested_filename is used as the pdf_name value in PDF.js...

6.1 CVSS · 1.4 AI score · 0.01294 EPSS
Exploits 1 · References 4 · Affected Software 3

CNVD
added 2021/12/17 12:0 a.m. · 21 views

GNOME Web Cross-Site Scripting Vulnerability (CNVD-2022-02767)

GNOME Web Epiphany is a Web browser based on the WebKit rendering engine. The product provides paginated browsing, cookie management, pop-up ad control, etc. GNOME Web has a cross-site scripting vulnerability that can be exploited by attackers to conduct vulnerability attacks via the pdfname fiel...

6.1 CVSS · 4.3 AI score · 0.01294 EPSS
Exploits 1 · References 1

OSV
added 2021/12/16 3:15 a.m. · 1 views

DEBIAN-CVE-2021-45086

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js...

6.1 CVSS · 6 AI score · 0.01294 EPSS
Exploits 1 · References 1

NVD
added 2021/12/16 3:15 a.m. · 12 views

CVE-2021-45086

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js...

6.1 CVSS · 0.01294 EPSS
Exploits 1 · References 3

OSV
added 2021/12/16 3:15 a.m. · 17 views

CVE-2021-45086

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js...

6.1 CVSS · 5.8 AI score
Exploits 0 · References 3

UbuntuCve
added 2021/12/16 3:15 a.m. · 19 views

CVE-2021-45086

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js...

6.1 CVSS · 6.3 AI score · 0.01294 EPSS
Exploits 1 · References 3

Prion
added 2021/12/16 3:15 a.m. · 22 views

Cross site scripting

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js...

4.3 CVSS · 6 AI score · 0.01294 EPSS
Exploits 1 · References 3 · Affected Software 2

Cvelist
added 2021/12/16 2:19 a.m. · 17 views

CVE-2021-45086

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js...

6.2 AI score · 0.01294 EPSS
Exploits 1 · References 3

CVE
added 2021/12/16 2:19 a.m. · 103 views

CVE-2021-45086

CVE-2021-45086 affects GNOME Web (Epiphany) where a server-provided suggested_filename is used as the pdf_name value in PDF.js, enabling XSS. Affected versions include GNOME Web before 40.4 and 41.x before 41.1; exploitation details and in-the-wild status are not shown in the provided documents. ...

6.1 CVSS · 5.9 AI score · 0.01294 EPSS
Exploits 1 · References 3 · Affected Software 1

Debian CVE
added 2021/12/16 2:19 a.m. · 19 views

CVE-2021-45086

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js...

6.1 CVSS · 6 AI score · 0.01294 EPSS
Exploits 1

AlpineLinux
added 2021/12/16 2:19 a.m. · 40 views

CVE-2021-45086

XSS can occur in GNOME Web aka Epiphany before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js...

6.1 CVSS · 6.2 AI score · 0.01294 EPSS
Exploits 1

Positive Technologies
added 2021/12/16 12:0 a.m. · 3 views

PT-2021-24198 · Mozilla +4 · Pdf.Js +4

Name of the Vulnerable Software and Affected Versions: GNOME Web aka Epiphany versions prior to 40.4 GNOME Web aka Epiphany versions 41.x prior to 41.1 Description: A security issue exists due to the use of a server's suggested filename as the pdf name value in PDF.js, leading to potential XSS...

7.5 CVSS · 6.3 AI score · 0.01896 EPSS
Exploits 4 · References 32

CNVD
added 2021/12/09 12:0 a.m. · 62 views

WordPress PDF.js Viewer plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress PDF.js Viewer plugin has a cross-site scripting vulnerability in versions prior to 2.0.2, whi...

5.4 CVSS · 1.8 AI score · 0.00604 EPSS
Exploits 2 · References 1

NVD
added 2021/12/06 4:15 p.m. · 9 views

CVE-2021-24759

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.4 CVSS · 0.00604 EPSS
Exploits 2 · References 1

Prion
added 2021/12/06 4:15 p.m. · 18 views

Cross site scripting

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

3.5 CVSS · 5.3 AI score · 0.00604 EPSS
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2021/12/06 3:55 p.m. · 10 views

CVE-2021-24759 PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting

The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

5.5 AI score · 0.00604 EPSS
Exploits 2 · References 1

CVE
added 2021/12/06 3:55 p.m. · 48 views

CVE-2021-24759

CVE-2021-24759 affects the WordPress PDF.js Viewer plugin prior to 2.0.2. The issue is a lack of escaping for certain shortcode and Gutenberg Block attributes, enabling stored Cross-Site Scripting via inputs that could be submitted by users with a role as low as Contributor. Documented impact...

5.4 CVSS · 5.2 AI score · 0.00604 EPSS
Exploits 2 · References 1 · Affected Software 1

CNNVD
added 2021/12/06 12:0 a.m. · 5 views

WordPress plugin cross-site scripting vulnerability

WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress PDF.js Viewer plugin has a cross-site scripting vulnerability in versions prior to 2.0.2, whi...

5.4 CVSS · 5.6 AI score · 0.00604 EPSS
Exploits 2 · References 1

OpenVAS
added 2021/11/11 12:0 a.m. · 18 views

Mozilla Firefox Security Advisory (MFSA2013-99) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

8.3 CVSS · 5 AI score · 0.02937 EPSS
Exploits 0 · References 3