27 matches found
EUVD-2020-21454
Malware in sbrugna...
CVE-2021-20843
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted...
RHEL 7 : rest (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data...
USN-5585-1 jupyter-notebook vulnerabilities
It was discovered that Jupyter Notebook incorrectly handled certain notebooks. An attacker could possibly use this issue of lack of Content Security Policy in Nbconvert to perform cross-site scripting XSS attacks on the notebook server. This issue only affected Ubuntu 18.04 LTS. CVE-2018-19351 It...
GHSA-9XFC-J5MF-9W5P JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion XSSI attack...
CVE-2021-20843
The CVE-2021-20843 affects Yamaha routers (RTX830, NVR510, NVR700W, RTX1210). Root cause: Cross-site script inclusion in the Web GUI that can allow an authenticated user to alter settings via a crafted page. Verified fixes are firmware updates: RTX830 Rev.15.02.20; NVR510 Rev.15.01.21; NVR700W Re...
CVE-2021-20797
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...
Cross site scripting
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...
CVE-2021-20797
CVE-2021-20797 is a cross-site script inclusion vulnerability in the Cybozu Remote Service management UI (CWE-829) affecting Cybozu Remote Service versions around 3.1.8 (and 3.1.9 per related documentation). The issue allows a remote authenticated attacker to obtain information stored in the prod...
CVE-2021-20797
Cross-site script inclusion vulnerability in the management screen of Cybozu Remote Service 3.1.8 allows a remote authenticated attacker to obtain the information stored in the product. This issue occurs only when using Mozilla Firefox...
JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service
Cybozu Remote Service provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-525 Cross-site request forgery vulnerability in the management screen CWE-352 - CVE-2021-20795 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N| Base Score:...
Important: thunderbird
Issue Overview: When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timi...
Design/Logic Flaw
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...
CVE-2020-26958
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...
CVE-2020-26958
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...
CVE-2020-26958
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...
CVE-2020-29072
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...
Cross site scripting
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...
CVE-2020-29072
A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...
CVE-2020-29072
LiquidFiles versions prior to 3.3.19 have a Cross-Site Script Inclusion vulnerability in client-side code. Exploitation requires user interaction (opening a link) and could lead to leakage of encrypted e-mail content via messages/sent?format=js and popup?format=js. Affected product: LiquidFiles p...