31 matches found
EUVD-2017-14493
Malware in sbrugna...
EUVD-2025-18105
Malicious code in bioql PyPI...
EUVD-2024-1019
Malicious code in bioql PyPI...
EUVD-2023-1699
Malicious code in bioql PyPI...
FreeBSD : Firefox -- content injection attack (a3291f81-3d7c-11f0-9a55-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a3291f81-3d7c-11f0-9a55-b42e991fc52e advisory. [email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have...
CVE-2025-5271
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139...
CVE-2025-5271 Devtools' preview ignored CSP headers
Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks. This vulnerability was fixed in Firefox 139 and Thunderbird 139...
CVE-2025-5271
Summary : CVE-2025-5271 corresponds to a vulnerability where Devtools’ preview of responses failed to enforce CSP headers, potentially enabling content-injection attacks. The public records indicate affected products include Mozilla Firefox version prior to 139 and Mozilla Thunderbird prior to 13...
Firefox -- content injection attack
[email protected] reports: Previewing a response in Devtools ignored CSP headers, which could have allowed content injection attacks...
PT-2025-22996
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 139. Description: The issue involves previewing a response in Devtools ignoring CSP headers, potentially allowing content injection attacks. Recommendations: For versions prior to 139, update to version 139 or later to...
CVE-2024-29896
Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the C...
ROS-20250121-03
Vulnerability: The contentsecuritypolicy function of the Ruby interpreter's Action Pack extension is affected by a vulnerability in dynamically set Content-Security-Policy (CSP) headers. Exploitation: The vulnerability could allow ...
GHSA-W387-5QQW-7G8M Content-Security-Policy header generation in middleware could be compromised by malicious injections
Impact When the following conditions are met: - Automated CSP headers generation for SSR content is enabled - The web application serves content that can be partially controlled by external users Then it is possible that the CSP headers generation feature might be "allow-listing" malicious inject...
CVE-2024-29896 Astro-Shield's Content-Security-Policy header generation in middleware could be compromised by malicious injections
Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the C...
CVE-2024-29896
CVE-2024-29896 affects the Astro-Shield library. The vulnerability stems from automated CSP header generation for SSR content, where the CSP header may inadvertently allowlist malicious injected resources (e.g., inlined or external scripts) when content can be partially controlled by external ...
Are HTTP Content-Security-Policy (CSP) Headers Sufficient to Secure Your Client Side?
Modern web frameworks have shifted business logic from the server side to the client side web browser, enhancing performance, flexibility, and user experience. However, this move introduces security and privacy concerns, as exposing sensitive logic and data can lead to vulnerabilities like code...
CVE-2023-43657 Improper escaping of encrypted topic titles can lead to Cross-site Scripting under non-default site configuration
discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting XSS issue when a site has content security policy CSP headers disabled. Having CSP disabled is a non-default configuration...