17 matches found

UbuntuCve
added 2026/04/03 5:16 a.m. · 1 views

CVE-2026-35542

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3 CVSS · 5.8 AI score · 0.00015 EPSS
Exploits 0 · References 9

Positive Technologies
added 2026/04/03 12:0 a.m. · 0 views

PT-2026-29981

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass...

5.3 CVSS · 5.9 AI score · 0.00015 EPSS
Exploits 0 · References 8

RedhatCVE
added 2025/05/22 3:12 a.m. · 6 views

CVE-2012-2573

Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE...

4.3 CVSS · 5.9 AI score · 0.00426 EPSS
Exploits 1 · References 1

Veracode
added 2021/11/12 12:12 p.m. · 12 views

Cross-Site Scripting (XSS)

dolibarr/dolibarr is vulnerable to cross-site scripting (XSS). The vulnerability exists in object details that allow XSS payloads in the onpointermove attribute of a BODY element...

6.1 CVSS · 2.5 AI score · 0.00409 EPSS
Exploits 3 · References 5 · Affected Software 1

OSV
added 2021/11/10 11:15 p.m. · 1 views

UBUNTU-CVE-2021-33618

Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by and characters in the onpointermove attribute of a BODY element to the user-management feature...

6.1 CVSS · 5.8 AI score · 0.00409 EPSS
Exploits 3 · References 5

Positive Technologies
added 2021/11/10 12:0 a.m. · 2 views

PT-2021-20233 · Unknown · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP and CRM version 13.0.2. Description: The issue allows for stored cross-site scripting (XSS) in the object details of the user-management feature. This can be demonstrated by using and characters in the onpointermove attribute of a...

6.1 CVSS · 5.3 AI score · 0.00409 EPSS
Exploits 3 · References 13

OSV
added 2014/04/09 10:57 a.m. · 1 views

UBUNTU-CVE-2014-1720

Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes...

7.5 CVSS · 7.4 AI score · 0.01382 EPSS
Exploits 0 · References 5

seebug.org
added 2011/10/12 12:0 a.m. · 24 views

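Microsoft Internet Explorer Body Element Memory Corruption Vulnerability (MS11-081)

BUGTRAQ ID: 49965 CVE ID: CVE-2011-2000 Microsoft Internet Explorer, MSIE for short, is a web browser released by Microsoft. IE has a memory corruption vulnerability in its implementation of Body element handling; remote attackers can exploit this vulnerability to execute remote code or cause a denial of service. Microsoft Internet Explorer 9.x Microsoft Internet Explorer 8.x Microsoft Internet Explorer 7.x Microsoft Internet Explorer 6.x Temporary workaround:...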

9.3 CVSS · 6.4 AI score · 0.36647 EPSS
Exploits 1

PyPA
added 2010/07/02 7:0 p.m. · 5 views

PYSEC-2010-1

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...

4.3 CVSS · 5.6 AI score · 0.00361 EPSS
Exploits 0 · References 4 · Affected Software 1

UbuntuCve
added 2010/07/02 12:0 a.m. · 17 views

CVE-2010-2480

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...

4.3 CVSS · 5.9 AI score · 0.00361 EPSS
Exploits 0 · References 2

OpenVAS
added 2010/03/05 12:0 a.m. · 17 views

Apple Safari 'background' Remote Denial Of Service Vulnerability

This host is installed with Apple Safari Web Browser and is prone to Denial of Service vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafaricfnetworkbackgrounddosvuln.nasl 7174 2017-09-18 11:48:08Z asteins $ Apple Safari 'background' Remote Denial Of Service Vulnerability Authors: Ant...

5 CVSS · 6.3 AI score · 0.00673 EPSS
Exploits 1 · References 2

Debian CVE
added 2009/06/12 9:7 p.m. · 23 views

CVE-2009-2044

Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element...

4.3 CVSS · 8.5 AI score · 0.05951 EPSS
Exploits 1

OpenVAS
added 2009/06/04 12:0 a.m. · 23 views

Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability (Windows)

The host is installed with Mozilla Firefox browser and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxkeygendosvulnwin.nasl 4865 2016-12-28 16:16:43Z teissa $ Mozilla Firefox 'keygen' HTML Tag DOS Vulnerability Windows Authors: Antu Sanadi Copyright: Copyrig...

5 CVSS · 9.4 AI score · 0.15887 EPSS
Exploits 2 · References 3

Positive Technologies
added 2009/01/08 12:0 a.m. · 2 views

PT-2009-2774 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6.0 through 8.0 beta2 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by using an onload attribute with a specific value,...

4.3 CVSS · 6.6 AI score · 0.10234 EPSS
Exploits 4 · References 4

Prion
added 2008/04/10 6:5 p.m. · 12 views

Buffer overflow

Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BO...

9.3 CVSS · 7.8 AI score · 0.27076 EPSS
Exploits 0 · References 11 · Affected Software 1

myhack58
added 2007/05/14 12:0 a.m. · 15 views

Hung it to the way and the system determines whether the code-vulnerability warning-the black bar safety net

A:The frame hanging horse iframe src=address width=0 height=0/iframe II:the js file hanging horse First, the following code document. write"iframe width='0' height='0' src='address'/iframe"; save as xxx.js that The JS hung it to the code script language=javascript src=xxx. js/script Three:js...

7.2 AI score
Exploits 0

Cvelist
added 2007/02/28 3:0 p.m. · 12 views

CVE-2007-1161

Cross-site scripting (XSS) vulnerability in callentry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problemdesc parameter, as demonstrated by the ONLOAD attribute of a BODY element...

5.7 AI score · 0.00409 EPSS
Exploits 1 · References 4