Lucene search

4 matches found

Snyk
added 2025/12/31 10:7 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to applying DOMPurify.isValidAttribute to data-trix-attachments before rendering them as anchor tags. An attacker can execute arbitrary JavaScript code within the...

CVSS 5.4 | AI score 5.9 | Exploits 0 | References 2
Positive Technologies
added 2025/02/10 12:0 a.m. | 2 views

PT-2025-25364

Name of the Vulnerable Software and Affected Versions: Apple watchOS versions 11.3.1 and later; Apple macOS Ventura versions 13.7.4 and later; Apple iOS versions 15.8.4 and later; Apple iPadOS versions 15.8.4 and later; Apple iOS versions 16.7.11 and later; Apple iPadOS versions 16.7.11 and later; Apple...

CVSS 4.2 | AI score 6.5 | EPSS 0.01009 | Exploits 0 | References 96
UbuntuCve
added 2023/11/21 3:15 p.m. | 22 views

CVE-2023-6211

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if they could get the user to participate in a clicking game. This vulnerability affects Firefox 120...

CVSS 6.5 | AI score 6.8 | EPSS 0.0049 | Exploits 0 | References 5
OSV
added 2023/06/19 11:15 a.m. | 9 views

CVE-2023-34414

The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a sit...

CVSS 3.1 | AI score 8.5 | Exploits 0 | References 6