52 matches found
EUVD-2010-0193
Malware in sbrugna...
EUVD-2019-0093
Malware in sbrugna...
EUVD-2017-17722
Malware in sbrugna...
EUVD-2017-16588
Malware in sbrugna...
EUVD-2024-52995
Malicious code in bioql PyPI...
EUVD-2022-4321
Malicious code in bioql PyPI...
CVE-2025-43714
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...
CVE-2025-46655
CVE-2025-46655 affects CodiMD up to version 2.5.4. The issue is a bypass of the CSP-based XSS protection for SVG uploads when using cross-origin file storage (e.g., AWS S3) in configurations where the architecture cannot insert Content-Security-Policy headers. This can allow XSS in certain storag...
CVE-2024-56173
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document...
PT-2024-36730 · Optimizely · Optimizely Configured Commerce
Name of the Vulnerable Software and Affected Versions: Optimizely Configured Commerce versions prior to 5.2.2408 Description: The issue allows malicious payloads to be stored and subsequently executed in users' browsers under specific conditions. This is a result of XSS from JavaScript in an SVG...
UBUNTU-CVE-2024-39126
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
SUSE CVE-2012-3970
Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service...
Updated jupyter-notebook packages fix security vulnerability
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting (XSS) attacks on the notebook server. CVE-2018-19351 It was discovered that Jupyter Notebook...
Cross-site Scripting (XSS)
Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the file_download.php process. An attacker can execute arbitrary JavaScript code by attaching and triggering malicious SVG documents. Details Cross-site scripting or...
MantisBT XSS through crafted SVG documents in file_download.php
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScri...
CVE-2022-33910
CVE-2022-33910 affects MantisBT before 2.25.5. Affected area: attaching crafted SVG documents to issue reports or bugnotes. Root cause: file_download.php opens the SVG in a browser tab instead of downloading it as a file, enabling JavaScript execution in the context of the user’s browser. Impact:...
Cerberus FTP Server Enterprise Cross-Site Scripting Vulnerability
Cerberus FTP Server is a Windows-based FTP server from Cerberus USA that supports encrypted FTP sessions via FTPS and SFTP. A cross-site scripting vulnerability exists in Cerberus FTP Server Enterprise versions prior to 10.0.19, 11.x series versions prior to 11.0.4, which can be exploited by an...
Cerberus FTP Server Enterprise Cross-Site Scripting Vulnerability
Cerberus FTP Server is a Windows-based FTP server from Cerberus USA that supports encrypted FTP sessions via FTPS and SFTP. A cross-site scripting vulnerability exists in Cerberus FTP Server Enterprise versions prior to 10.0.19, 11.x series versions prior to 11.0.4, which can be exploited by an...
Plone cross-site scripting vulnerability (CNVD-2021-37274)
Plone is the industry's leading open source CMS system for content management, document management and knowledge management. A stored cross-site scripting vulnerability exists in Plone 5.2.4 and earlier versions. The vulnerability can be exploited by uploading SVG or HTML documents to conduct...