SUSE: Security Advisory (SUSE-SU-2022:14896-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2022:0559-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.6.1 / MFSA 2022-07 bsc1196072 CVE-2022-0566 bmo1753094 Crafted email could trigger an out-of-bounds write - Mozilla Thunderbird 91.6 / MFSA 2022-06 bsc1195682 CVE-2022-22753 bmo1732435 Privilege Escalation to...

Multiple vulnerabilities in phpUploader

Overview phpUploader provided by Dojin Club MICMNIS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2022-24435 SQL Injection CWE-89 - CVE-2022-23986 Toyama Taku reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information...

Cisco Prime Infrastructure 跨站脚本漏洞

Cisco Prime Infrastructure is an application from Cisco, Inc. A cross-site scripting vulnerability exists in Cisco Prime Infrastructure and Cisco EPN Manager, which could be exploited by an attacker to execute arbitrary script code or access sensitive browser-based information in the context of t...

Cross site scripting

A stored cross-site scripting XSS vulnerability in the component /core/admin/categories.php of PluXml v5.8.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content and thumbnail parameters...

Mozilla: Sandboxed iframes could have executed script if the parent appended elements

The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

Mozilla: Sandboxed iframes could have executed script if the parent appended elements

The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

CVE-2022-24227

A cross-site scripting XSS vulnerability in BoltWire v7.10 and v 8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters...

PluXml 安全漏洞

PluXml is a free and open source content management system that does not require a database to work. PluXml suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML...

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:0538)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0538-1 advisory. - Mozilla: Extensions could have bypassed permission confirmation during update CVE-2022-22754 - Mozilla: Memory safety bugs fixed in Firefox 97...

CVE-2022-0572

A heap-based buffer overflow flaw was found in vim's exretab function of indent.c file. This flaw occurs when repeatedly using ":retab." This flaw allows an attacker to trick a user into opening a crafted file triggering a heap-overflow. Mitigation Untrusted vim scripts with -s scriptin are not...

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

Mozilla: Sandboxed iframes could have executed script if the parent appended elements

The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...