ServiceNow - Cross-site Scripting

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

Google Android security vulnerabilities

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from click-jacking/cross-scripting attacks involving multiple functions in WindowState.java, potentially leading to local privilege escalatio...

CVE-2026-26000 XWiki Platform affected by click-jacking through CSS injection in comments

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...

CVE-2026-26000

CVE-2026-26000 : XWiki Platform is vulnerable to CSS-injection in comments that can transform the entire wiki UI into a clickable link area leading to a malicious page. Affected versions are prior to 17.9.0, 17.4.6, and 16.10.13. The root cause is a comment-based CSS injection that enables a clic...

GHSA-74RH-C5RH-88VG XWiki vulnerable to click-jacking through CSS injection in comments

Impact It's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack. Patches The problem has been patched not by preventing injecting CSS in comments, which is currently a featur...

XWiki vulnerable to click-jacking through CSS injection in comments

Impact It's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack. Patches The problem has been patched not by preventing injecting CSS in comments, which is currently a featur...

MiracleLinux 9 : thunderbird-102.12.0-1.el9.ML.1 (AXSA:2023-6084:17)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6084:17 advisory. Mozilla: Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR...

MiracleLinux 8 : firefox-102.12.0-1.el8.ML.1 (AXSA:2023-6166:23)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6166:23 advisory. Mozilla: Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR...

MiracleLinux 7 : firefox-102.12.0-1.0.1.el7.AXS7 (AXSA:2023-6069:20)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6069:20 advisory. Mozilla: Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR...

MiracleLinux 9 : firefox-102.12.0-1.el9.ML.1 (AXSA:2023-6074:21)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6074:21 advisory. Mozilla: Click-jacking certificate exceptions through rendering lag CVE-2023-34414 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR...

EUVD-2010-2231

Malware in sbrugna...

EUVD-2018-1178

Malware in sbrugna...

EUVD-2017-3831

Malware in sbrugna...

EUVD-2018-1149

Malware in sbrugna...

EUVD-2016-9369

Malware in sbrugna...

EUVD-2022-4494

Malicious code in bioql PyPI...

Click Jacking

Firefox is vulnerable to Click Jacking. The vulnerability is caused due to a bug in popup notifications delay calculation. This can make it possible for an attacker to trick a user into granting permissions...

Click Jacking

Firefox is vulnerable to Click Jacking. The vulnerability is caused due to the fact that the timing of a button click causing a popup to disappear is approximately the same length as the anti-clickjacking delay on permission prompts. An attacker can exploit this to surprise users by luring them t...

Click Jacking

firefox is vulnerable to Click Jacking. The vulnerability is caused due to black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. This can be exploited to make users click where the permission grant button would be about to appear...

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...