
5752 matches found

OSV
added 2022/05/03 12:0 a.m. | 7 views

GHSA-7JVX-F994-RFW2 materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...

CVSS 5.4 | AI score 6.1 | EPSS 0.01001
Exploits 1 | References 5

Mozilla
added 2022/05/03 12:0 a.m. | 44 views

Security Vulnerabilities fixed in Firefox ESR 91.9 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

CVSS 9.8 | AI score 9.3 | EPSS 0.01005
Exploits 3 | References 6 | Affected Software 1

Mozilla
added 2022/05/03 12:0 a.m. | 134 views

Security Vulnerabilities fixed in Thunderbird 91.9 — Mozilla

When viewing an email message A, which contains an attached message B, where B is encrypted or digitally signed or both, Thunderbird may show an incorrect encryption or signature status. After opening and viewing the attached message B, when returning to the display of message A, the message A...

CVSS 9.8 | AI score 8.8 | EPSS 0.01005
Exploits 3 | References 8 | Affected Software 1

Mozilla
added 2022/05/03 12:0 a.m. | 305 views

Security Vulnerabilities fixed in Firefox 100 — Mozilla

When reusing existing popups Firefox would have allowed them to cover the fullscreen notification UI, which could have enabled browser spoofing attacks. Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existin...

CVSS 9.8 | AI score 8.7 | EPSS 0.01005
Exploits 5 | References 9 | Affected Software 1

CNNVD
added 2022/05/03 12:0 a.m. | 3 views

Mozilla Firefox information disclosure vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an information disclosure vulnerability that stems from the browser behaving differently when loading CSS variables from known resources, which can be exploited by an...

CVSS 6.5 | AI score 7.7 | EPSS 0.00723
Exploits 1 | References 20

Tenable Nessus
added 2022/05/03 12:0 a.m. | 42 views

Mozilla Firefox ESR < 91.9

The version of Firefox ESR installed on the remote Windows host is prior to 91.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-17 advisory. - Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safet...

CVSS 9.8 | AI score 8.3 | EPSS 0.01005
Exploits 3 | References 7

Tenable Nessus
added 2022/05/03 12:0 a.m. | 42 views

Mozilla Firefox < 100.0

The version of Firefox installed on the remote Windows host is prior to 100.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-16 advisory. - Mozilla developers Gabriele Svelto, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in...

CVSS 9.8 | AI score 7.7 | EPSS 0.01005
Exploits 5 | References 10

NVD
added 2022/05/01 4:15 p.m. | 15 views

CVE-2022-25349

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...

CVSS 5.4 | EPSS 0.01001
Exploits 1 | References 3

OSV
added 2022/05/01 4:15 p.m. | 3 views

CVE-2022-25349

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...

CVSS 5.4 | AI score 6
Exploits 0 | References 3

Prion
added 2022/05/01 4:15 p.m. | 15 views

Cross site scripting

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...

CVSS 4.3 | AI score 5.2 | EPSS 0.01001
Exploits 1 | References 3

CVE
added 2022/05/01 3:30 p.m. | 96 views

CVE-2022-25349

CVE-2022-25349 affects materialize-css: XSS caused by improper escaping of user input in the autocomplete component, allowing input such as to be parsed as HTML/JavaScript and executed in the DOM. Connected sources (Veracode, OSV, SNYK) confirm all versions are vulnerable with the root cause in ...

CVSS 5.4 | AI score 5.2 | EPSS 0.01001
Exploits 1 | References 3 | Affected Software 1

Debian CVE
added 2022/05/01 3:30 p.m. | 43 views

CVE-2022-25349

Removed by vendor...

CVSS 5.4 | AI score 5.6 | EPSS 0.01001
Exploits 1

ATTACKERKB
added 2022/05/01 3:25 p.m. | 1 views

CVE-2022-25349

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided...

CVSS 5.4 | AI score 6.1 | EPSS 0.01001
Exploits 1 | References 4

CNNVD
added 2022/05/01 12:0 a.m. | 3 views

materialize-css cross-site scripting vulnerability

materialize-css is a CSS framework based on Material Design. A security vulnerability exists in all versions of the materialize-css package that originates from user input being parsed as HTML/JavaScript and inserted into the Document Object Model (DOM), which can be exploited by an attacker to...

CVSS 5.4 | AI score 5.5 | EPSS 0.01001
Exploits 1 | References 4

NVD
added 2022/04/28 4:15 p.m. | 11 views

CVE-2022-29584

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action...

CVSS 5.4 | EPSS 0.00484
Exploits 0 | References 2

OSV
added 2022/04/28 4:15 p.m. | 17 views

CVE-2022-29584

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action...

CVSS 5.4 | AI score 6
Exploits 0 | References 2

Prion
added 2022/04/28 4:15 p.m. | 11 views

Design/Logic Flaw

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action...

CVSS 3.5 | AI score 5.3 | EPSS 0.00484
Exploits 0 | References 2 | Affected Software 1

CVE
added 2022/04/28 3:26 p.m. | 65 views

CVE-2022-29584

CVE-2022-29584 affects Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0. The issue is a stored XSS triggered when a specific embedly-related CSS class is used and JavaScript is constructed to perform an action. The available connected documents confirm the vulnerability and affected versions ...

CVSS 5.4 | AI score 5.7 | EPSS 0.00484
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/04/28 3:26 p.m. | 13 views

CVE-2022-29584

Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action...

AI score 6.3 | EPSS 0.00484
Exploits 0 | References 2

CNNVD
added 2022/04/28 12:0 a.m. | 4 views

Mahara cross-site scripting vulnerability

Mahara is a free and open source web-based ePortfolio management system from Mahara. A cross-site scripting vulnerability previously existed in Mahara versions 20.10.5, 21.04.4, 21.10.2, and 22.04.0, which stemmed from a cross-site scripting vulnerability that the application allowed to be stored...

CVSS 5.4 | AI score 5.7 | EPSS 0.00484
Exploits 0 | References 3