6727 matches found
firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...
WordPress plugin Smash Balloon Social Photo Feed 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress Smash Balloon Social Photo Feed plugin suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping...
ALSA-2025:8308 Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details CVE-2025-5267 firefox: thunderbird: Potential local code execution ...
RHEL 9 : firefox (RHSA-2025:8293)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8293 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...
Medium: yelp-xsl
Issue Overview: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155 Affected Packages: yelp-xsl...
[SECURITY] [DLA 4185-1] yelp-xsl security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 28, 2025 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 5927-1] yelp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5927-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 28, 2025 https://www.debian.org/security/faq -...
DRUPAL-CONTRIB-2025-072
This module addresses the General Data Protection Regulation GDPR and the EU Directive on Privacy and Electronic Communications. The module doesn't sufficiently verify whether "disabled JavaScript" entries are valid or correspond to actual scripts on the page. As a result, an attacker could injec...
Debian dla-4185 : yelp-xsl - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4185 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/...
Debian dla-4184 : libyelp-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4184 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4184-1 [email protected] https://www.debian.org/lts/security/...
CVE-2025-5263
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...
UBUNTU-CVE-2025-5263
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...
CVE-2025-5263 Error handling for script execution was incorrectly isolated from web content
Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks. This vulnerability was fixed in Firefox 139, Firefox ESR 115.24, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...
Alibaba Cloud Linux 3 : 0078: yelp (ALINUX3-SA-2025:0078)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0078 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-3155: A flaw was found in Yelp. The Gnome...
Mozilla -- cross-origin leak attack
[email protected] reports: Error handling for script execution was incorrectly isolated from web content, which could have allowed cross-origin leak attacks...
CVE-2025-48378
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...
OESA-2025-1543 yelp-xsl security update
This package contains XSL stylesheets that are used by the yelp help browser. Security Fixes: A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate us...
OESA-2025-1535 yelp security update
Yelp is the help viewer in GNOME. It natively views Mallard, DocBook, man, info, and HTML documents. It can locate documents according to the freedesktop.org help system specification. Security Fixes: A flaw was found in Yelp. The Gnome user help application allows the help document to execute...
CVE-2025-22997
A stored cross-site scripting XSS vulnerability in the prftablecontent component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter...
CVE-2025-21603
Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL...