Lucene search
K

5 matches found

CVE
CVE
added 2026/05/08 3:45 p.m.10 views

CVE-2026-41886

CVE-2026-41886 affects locize client SDK prior to 4.0.21. The issue is missing validation of event.origin in a window.addEventListener("message", …) handler, allowing an attacker-controlled postMessage to trigger internal handlers (editKey, commitKeys, isLocizeEnabled, etc.). Exploitation require...

7.5CVSS5.8AI score0.00101EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 8:32 p.m.16 views

locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor

Summary Versions of the locize client SDK the browser module that wires up the locize InContext translation editor prior to 4.0.21 register a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled,...

7.5CVSS5.7AI score0.00101EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2021/11/11 12:0 a.m.51 views

Mozilla Firefox Security Advisory (MFSA2013-106) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

4.3CVSS9.5AI score0.03402EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2013/12/16 12:0 a.m.42 views

FreeBSD : mozilla -- multiple vulnerabilities (dd116b19-64b3-11e3-868f-0025905a4771)

The Mozilla Project reports : MFSA 2013-116 JPEG information leak MFSA 2013-105 Application Installation doorhanger persists on navigation MFSA 2013-106 Character encoding cross-origin XSS attack MFSA 2013-107 Sandbox restrictions not applied to nested object elements MFSA 2013-108 Use-after-free...

10CVSS7.8AI score0.11076EPSS
Exploits13References31
RedHat Linux
RedHat Linux
added 2013/12/11 5:26 a.m.22 views

Mozilla: Character encoding cross-origin XSS attack (MFSA 2013-106)

Cross-site scripting XSS vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Origin Policy violation triggered by lack of a charset parameter in a Content-Type HTTP header...

4.3CVSS7AI score0.03402EPSS
Exploits1References5
Rows per page
Query Builder