CVE-2020-36171
The Elementor Website Builder plugin before 3.0.14 for WordPress does not properly restrict SVG uploads...
Kozea CairoSVG Resource Management Error Vulnerability
Kozea CairoSVG is a Python-based program from the Kozea community that converts SVG files to PDF, EPS, PS and PNG files. A resource management error vulnerability exists in versions of CairoSVG prior to 2.5.1, which can be exploited by an attacker to deliver a malicious SVG and cause the program ...
Nextcloud Cross-Site Scripting Vulnerability
Nextcloud Contacts is the user interface for Nextcloud's CardDAV server. A cross-site scripting vulnerability exists in Nextcloud Contacts 3.3.0. The vulnerability stems from a missing file type check. An attacker can exploit this vulnerability by uploading a malicious SVG file to conduct a...
Umbraco Cross-Site Scripting Vulnerability
Umbraco is an open source content management system (CMS) based on ASP.NET technology. Umbraco 8.9.1 and earlier versions are vulnerable to a stored cross-site scripting vulnerability. An attacker can exploit this vulnerability by uploading a malicious .svg file to conduct a cross-site scripting...
SolarWinds Web Help Desk Cross-Site Scripting Vulnerability (CNVD-2020-73160)
SolarWinds Web Help Desk is a web-based help desk work order and IT asset management software. A cross-site scripting vulnerability exists in SolarWinds Web Help Desk 12.7.0. An attacker can exploit this vulnerability to conduct a cross-site scripting attack via an SVG document uploaded in a...
Vulnerability in the parsing and event loading of SVG code in the Firefox web browser and Thunderbird email client, allowing attackers to perform cross-site scripting (XSS) attacks.
The parsing and event loading vulnerability in the SVG code of Firefox web browsers and Thunderbird email clients is related to a lack of integrity checks. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...
Mozilla: XSS through paste (manual and clipboard API)
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
SuiteCRM Open Redirect Vulnerability
SuiteCRM is a free open source customer relationship management application. An open redirection vulnerability exists in the Documents module in SuiteCRM 7.11.13 and earlier versions. An attacker can exploit this vulnerability to redirect users to arbitrary URLs via specially crafted SVG document...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2020-65141)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Firefox suffers from a cross-site scripting vulnerability that stems from a mismatch between parsing and event loading in SVG code that could result in a load event being triggered, even after being...
UBUNTU-CVE-2020-26951
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability...
UBUNTU-CVE-2020-15275
MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...
Moderate: Red Hat Security Advisory: librsvg2 security update
An update for librsvg2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2020:4709 Moderate: librsvg2 security update
The librsvg2 packages provide a Scalable Vector Graphics (SVG) library based on the libart library. Security Fixes: librsvg: Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...