8505 matches found
ux 跨站脚本漏洞
ux is a Symfony open source JavaScript ecosystem for Symfony. A cross-site scripting vulnerability exists in versions of ux prior to 2.25.1, which stems from unescaped attribute values and could lead to HTML attribute injection and cross-site scripting attacks...
PT-2025-22110 · Symfony · Symfony/Ux-Live-Component +1
Name of the Vulnerable Software and Affected Versions: symfony/ux-twig-component versions prior to 2.25.1 symfony/ux-live-component versions prior to 2.25.1 Description: The issue concerns the rendering of attributes or the use of methods that return a ComponentAttributes instance, which can lead...
CVE-2025-3516
The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-3901
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts like those with the contributor role to conduct Stored XSS attacks...
CVE-2025-3742
The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
OESA-2025-1532 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
OESA-2025-1530 python-jinja2 security update
Jinja2 is one of the most used template engines for Python. It is inspired by Django's templating system but extends it with an expressive language that gives template authors a more powerful set of tools. On top of that it adds sandboxed execution and optional automatic escaping for applications...
Decentralized Multi-Authority Attribute-Based Inner-Product Functional Encryption: Noisy and Evasive Constructions from Lattices
We study multi-authority attribute-based functional encryption for noisy inner-product functionality, and propose two new primitives: 1 multi-authority attribute-based noisy inner-product functional encryption MA-ABNIPFE, which generalizes existing multi-authority attribute-based IPFE schemes by...
AlmaLinux 9 : thunderbird (ALSA-2025:4460)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:4460 advisory. firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing CVE-2025-40...
CVE-2024-3901
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts like those with the contributor role to conduct Stored XSS attacks...
CVE-2024-3901 Genesis Blocks <= 3.1.3 - Contributor+ Stored XSS
The Genesis Blocks WordPress plugin through 3.1.3 does not properly escape attributes provided to some of its custom blocks, making it possible for users allowed to write posts like those with the contributor role to conduct Stored XSS attacks...
CVE-2024-3901
The WordPress Genesis Blocks plugin (versions 3.1.3 and earlier) is affected by a stored XSS vulnerability in which attributes passed to certain custom blocks are not properly escaped. This can allow users with post-writing permissions (e.g., Contributor) to inject malicious scripts that persist ...
firefox: thunderbird: Unsafe attribute access during XPath parsing
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...
firefox: thunderbird: Unsafe attribute access during XPath parsing
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.twbs:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page...
Cross-site Scripting (XSS)
Overview org.webjars:bootstrap is a WebJar for Bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages by...
Cross-site Scripting (XSS)
Overview org.webjars.bower:bootstrap is a popular front-end framework for faster and easier web development. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An...
Cross-site Scripting (XSS)
Overview org.webjars.npm:bootstrap is a WebJar for bootstrap. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tooltip and Popover components due to improper neutralization of input during web page generation. An attacker can manipulate the output of web pages ...
CVE-2025-1647 XSS in Bootstrap title attribute for Tooltip and Popover
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0...
CVE-2025-1647
CVE-2025-1647 is an XSS vulnerability in Bootstrap affecting 3.4.1 up to 4.0.0, due to improper input neutralization in the Popover and Tooltip components. Several sources confirm affected versions and public advisories (Debian DLA-4204-1, GHSA advisory, Debian security tracker, and CVE records)....