43 matches found
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
firefox: thunderbird: Script element events leaked cross-origin resource status
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Script elements loading cross-origin resources generate load and error events which can leak information enabling XS-Leaks attacks...
CVE-2023-23756
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements...
CVE-2013-2583
Multiple cross-site scripting XSS vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via 1 a javascript: URL, 2 malformed nested...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
PT-2024-20582 · Ckeditor4 +3 · Ckeditor4 +3
Name of the Vulnerable Software and Affected Versions: CKEditor4 versions prior to 4.24.0-lts Description: A cross-site scripting vulnerability has been discovered in the core HTML parsing module of CKEditor4. It may affect all editor instances that enabled full-page editing mode or enabled CDATA...
CVE-2023-38045
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements...
CVE-2023-38045
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements...
CVE-2023-38045 Extension - admiror-design-studio.com - XSS in Admiror Gallery component for Joomla 5.0.0-5.2.0
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements...
CVE-2023-23756
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements...
PT-2023-19180 · Joomla · Onevote
Name of the Vulnerable Software and Affected Versions: oneVote component for Joomla affected versions not specified Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. It affects the oneVote component for Joomla,...
CVE-2019-10062
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...
Design/Logic Flaw
The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via for example JavaScript code in an...
Cross site scripting
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
CVE-2019-9870
CVE-2019-9870 affects the w8tcha CKEditor oEmbed plugin prior to 2019-03-14. The vulnerability stems from how plugin.js mishandles SCRIPT elements, enabling a NETWORK-exposed issue with LOW attack complexity and no required user interaction. NVD records CVSS v3.0 base score 9.8 (CRITICAL) with HI...
CVE-2019-9870
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements...
GitLab Cross-Site Scripting Vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to Github for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...