21 matches found
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
SUSE CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
Withdrawn Advisory: Kirby CMS HTML injection vulnerability
Withdrawn Advisory This advisory has been withdrawn because the vendor reports that some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur. Original Advisory An HTML injection...
GHSA-QV4X-V2V4-F8P9 Withdrawn Advisory: Kirby CMS HTML injection vulnerability
Withdrawn Advisory This advisory has been withdrawn because the vendor reports that some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur. Original Advisory An HTML injection...
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
Design/Logic Flaw
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26482
An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting such as with an H1 element is allowed, but there is backend sanitization such that the reporter's mentioned "injecti...
CVE-2024-26484
A stored cross-site scripting XSS vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CM...
PT-2024-21401 · Kirby Cms · Kirby Cms
Name of the Vulnerable Software and Affected Versions: Kirby CMS version 4.1.0 Description: A stored cross-site scripting XSS vulnerability in the Edit Content Layout module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. The vendor's...
PT-2024-21399 · Kirby Cms +1 · Kirby Cms +1
Name of the Vulnerable Software and Affected Versions: Kirby CMS version 4.1.0 Description: An HTML injection issue exists in the Edit Content Layout module. The vendor disputes the significance of this report, stating that some HTML formatting is allowed and backend sanitization prevents the...
Access Restriction Bypass
Overview github.com/snapcore/snapd/interfaces/builtin is a tool enabling systems to work with .snap files Affected versions of this package are vulnerable to Access Restriction Bypass due to failure to perform sufficient validation of snap content interface and layout paths, resulting in the...
[SECURITY] Fedora 29 Update: drupal7-ds-2.16-1.fc29
Display Suite allows you to take full control over how your content is disp layed using a drag and drop interface. Arrange your nodes, views, comments, user data etc. the way you want without having to work your way through dozens of tem plate files. A predefined list of layouts D7 only is...
CVE-2008-3444
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."...
CVE-2008-3444
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted but well-formed web page that contains "a simple set of legitimate HTML tags."...