Lucene search

38 matches found

OSV
added 2021/12/13 6:14 p.m. · 1 views

GHSA-55X5-FJ6C-H6M8 lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through

Impact The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5. Patches The issue has been resolved in lxml 4.6.5...

CVSS 8.2 · AI score 6.5 · EPSS 0.05428
Exploits 0 · References 17
OpenVAS
added 2021/10/06 12:0 a.m. · 21 views

Python < 2.7.14, 3.4.x < 3.4.8, 3.5.x < 3.5.5 PyString_DecodeEscape integer overflow (bpo-30657) - Linux

CPython aka Python is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...

CVSS 9.8 · AI score 9.6 · EPSS 0.0359
Exploits 0 · References 2
Positive Technologies
added 2021/06/16 12:0 a.m. · 2 views

PT-2021-14711 · Jenkins · Jenkins Scriptler Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Scriptler Plugin versions 3.1 and earlier. Description: The issue results in a stored cross-site scripting (XSS) vulnerability because the script content is not escaped. This vulnerability is exploitable by attackers with...

CVSS 5.4 · AI score 5.2 · EPSS 0.00241
Exploits 0 · References 7
Tenable Nessus
added 2020/11/06 12:0 a.m. · 24 views

Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability (cisco-sa-webex-teams-xss-zLW9tD3)

According to its self-reported version, Cisco Webex Teams is affected by a vulnerability. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains malicious HTML or script content and joining a space using the...

CVSS 5.4 · AI score 5.2 · EPSS 0.21079
Exploits 0 · References 3
Cvelist
added 2020/08/12 1:21 p.m. · 15 views

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

CVSS 9 · AI score 9 · EPSS 0.00892
Exploits 0 · References 2
RedHat Linux
added 2020/08/06 9:51 a.m. · 1 views

Mozilla: Potential leak of redirect targets when loading scripts in a worker

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

CVSS 6.5 · AI score 7.3 · EPSS 0.00586
Exploits 0 · References 5
RedHat Linux
added 2020/07/29 9:13 p.m. · 3 views

Mozilla: Potential leak of redirect targets when loading scripts in a worker

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

CVSS 6.5 · AI score 7.3 · EPSS 0.00586
Exploits 0 · References 5
OSV
added 2020/07/29 12:0 a.m. · 1 views

UBUNTU-CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

CVSS 6.5 · AI score 7.2 · EPSS 0.00586
Exploits 0 · References 5
OSV
added 2020/06/18 1:15 p.m. · 1 views

CVE-2020-14421

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...

CVSS 7.2 · AI score 6.1 · EPSS 0.09449
Exploits 5 · References 3
NVD
added 2020/06/18 1:15 p.m. · 12 views

CVE-2020-14421

aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen...

CVSS 9 · EPSS 0.09449
Exploits 5 · References 3
Positive Technologies
added 2020/06/18 12:0 a.m. · 3 views

PT-2020-13996 · Aapanel · Aapanel

Name of the Vulnerable Software and Affected Versions: aaPanel versions 6.6.6 and earlier. Description: The issue allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen. This can be done by exploiting the vulnerability in the Script...

CVSS 9 · AI score 7.3 · EPSS 0.09449
Exploits 5 · References 5
NVD
added 2018/06/11 9:29 p.m. · 12 views

CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVSS 6.5 · AI score 5.9 · EPSS 0.00639
Exploits 0 · References 6
OSV
added 2018/06/11 9:29 p.m. · 1 views

DEBIAN-CVE-2018-5097

A use-after-free vulnerability can occur during XSL transformations when the source document for the transformation is manipulated by script content during the transformation. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, and Firef...

CVSS 9.8 · AI score 9.3 · EPSS 0.28907
Exploits 0 · References 1
Debian CVE
added 2018/06/11 9:0 p.m. · 17 views

CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVSS 6.5 · AI score 7.9 · EPSS 0.00639
Exploits 0
UbuntuCve
added 2018/03/14 12:0 a.m. · 14 views

CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVSS 6.5 · AI score 6.9 · EPSS 0.00639
Exploits 0 · References 3
OpenVAS
added 2016/07/22 12:0 a.m. · 44 views

Google Chrome Security Updates (stable-channel-update-2016-07) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVSS 9.6 · AI score 7.1 · EPSS 0.0369
Exploits 2 · References 1
myhack58
added 2011/06/30 12:0 a.m. · 13 views

Sina microblogging XSS vulnerability & XSS script content analysis-vulnerability warning-the black bar safety net

Twitter XSS vulnerability point: weibo.com/pub/star/g/xyyyd%22%3e%3cscript%20src=//www.. com/images/t. js%3e%3c/script%3e? type=update Twitter XSS, the contents of the script: function createXHR return window. XMLHttpRequest? new XMLHttpRequest: new ActiveXObject"Microsoft. XMLHTTP"; function getappkeyu...

AI score 7
Exploits 0
securityvulns
added 2009/02/05 12:0 a.m. · 34 views

NaviCopa HTTP Server buffer overflow

Stack buffer overflow (stack overrun) on oversized request to cgi-bin directory. Script content leak with "." added to path...

CVSS 10 · AI score 2.4 · EPSS 0.31281
Exploits 0 · References 2 · Affected Software 1