
5744 matches found

Atlassian
added 2021/03/24 1:37 p.m. | 28 views

Cross Site Scripting vulnerability allows injecting HTML code into table edits

h3. Issue Summary Cross Site Scripting vulnerability allows injecting HTML code into table edits h3. Steps to Reproduce Edit a page Then access the Insert macro 'Info' option. A new window will open, in which the Preview option must be selected. With the help of an intermediate proxy such as burp...

0.1 AI score
Exploits 0
UbuntuCve
added 2021/03/24 12:0 a.m. | 25 views

CVE-2021-23983

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 87...

6.5 CVSS | 6.8 AI score | 0.00736 EPSS
Exploits 0 | References 3
OSV
added 2021/03/24 12:0 a.m. | 6 views

UBUNTU-CVE-2021-23983

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could have been applied, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox 87...

6.5 CVSS | 6.9 AI score | 0.00736 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2021/03/23 12:0 a.m. | 47 views

Mozilla Firefox < 87.0

"The version of Firefox installed on the remote Windows host is prior to 87.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-10 advisory. - Mozilla developers Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 86. Some of these...

8.8 CVSS | 8.3 AI score | 0.01852 EPSS
Exploits 0 | References 11
BDU FSTEC
added 2021/03/21 12:0 a.m. | 4 views

The vulnerability of the Google Chrome browser’s CSS component relates to the use of memory areas after they are freed. This allows attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the Google Chrome browser’s CSS component is related to the use of a memory area after it is freed. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions...

6.8 CVSS | 7.7 AI score | 0.00982 EPSS
Exploits 0 | References 10 | Affected Software 5
Mageia
added 2021/03/12 1:25 a.m. | 33 views

Updated roundcubemail package fixes security vulnerability

This update fixes cross-site scripting (XSS) via HTML messages with malicious CSS content (CVE-2021-26925)...

5.4 CVSS | 0.5 AI score | 0.01006 EPSS
Exploits 0 | References 2
vulnersOsv
added 2021/02/23 5:55 p.m. | 5 views

@duetds/angular (>=5.0.2 <=5.0.3), @duetds/components (>=5.0.2 <=5.0.3) +2 more potentially affected by CVE-2021-23356 via kill-process-by-name (=1.0.5)

kill-process-by-name NPM version =1.0.5 is affected by a known vulnerability. The following packages have a transitive dependency on kill-process-by-name and may be impacted: - @duetds/angular =5.0.2, =5.0.2, =1.7.20, =5.0.2, =5.0.3 Source cves: CVE-2021-23356 Source advisory:...

9.8 CVSS | 7.2 AI score | 0.01146 EPSS
Exploits 1
Kaspersky
added 2021/02/23 12:0 a.m. | 41 views

KLA12092 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can be exploited to execute arbitrary code. 2. A...

8.8 CVSS | 8.6 AI score | 0.01543 EPSS
Exploits 0 | References 3
Kaspersky
added 2021/02/23 12:0 a.m. | 44 views

KLA12091 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A memory safety vulnerability can be exploited to execute arbitrary code. 2. A...

8.8 CVSS | 8.6 AI score | 0.01543 EPSS
Exploits 0 | References 3
Fedora
added 2021/02/17 5:9 a.m. | 61 views

[SECURITY] Fedora 32 Update: roundcubemail-1.4.11-1.fc32

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

5.4 CVSS | 0.2 AI score | 0.01006 EPSS
Exploits 0
OpenVAS
added 2021/02/15 12:0 a.m. | 19 views

Roundcube Webmail < 1.4.11 XSS Vulnerability

Roundcube Webmail is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

5.4 CVSS | 5.2 AI score | 0.01006 EPSS
Exploits 0 | References 1
RedhatCVE
added 2021/02/14 2:33 p.m. | 40 views

CVE-2020-26973

The Mozilla Foundation Security Advisory describes this flaw as: Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass...

8.8 CVSS | 1.8 AI score | 0.01553 EPSS
Exploits 0 | References 4
Veracode
added 2021/02/10 6:17 a.m. | 18 views

Cross-site Scripting (XSS)

roundcube is vulnerable to cross-site scripting (XSS). The vulnerability exists through specific CSS token sequences during HTML email rendering which allows an attacker to inject and execute arbitrary javascript...

5.4 CVSS | 1.5 AI score | 0.01006 EPSS
Exploits 0 | References 7 | Affected Software 2
NVD
added 2021/02/09 9:15 a.m. | 11 views

CVE-2021-26925

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering...

5.4 CVSS | 0.01006 EPSS
Exploits 0 | References 4
OSV
added 2021/02/09 9:15 a.m. | 15 views

CVE-2021-26925

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering...

5.4 CVSS | 5.5 AI score
Exploits 0 | References 4
OSV
added 2021/02/09 9:15 a.m. | 1 views

UBUNTU-CVE-2021-26925

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering...

5.4 CVSS | 6 AI score | 0.01006 EPSS
Exploits 0 | References 4
UbuntuCve
added 2021/02/09 9:15 a.m. | 39 views

CVE-2021-26925

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering...

5.4 CVSS | 6.1 AI score | 0.01006 EPSS
Exploits 0 | References 3
CVE
added 2021/02/09 8:53 a.m. | 77 views

CVE-2021-26925

CVE-2021-26925 affects Roundcube Webmail prior to 1.4.11, enabling cross-site scripting via crafted CSS token sequences while rendering HTML emails. Public advisories (Mageia/Fedora) confirm the fix in 1.4.11. Remediate by upgrading Roundcube to 1.4.11 or newer; exploitation status is not describ...

5.4 CVSS | 5 AI score | 0.01006 EPSS
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2021/02/09 12:0 a.m. | 11 views

Roundcube Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in versions prior to Roundcube 1.4.11, which can be exploited by an attacker with carefully constructed CSS displayed in an HTML email...

5.4 CVSS | 5.9 AI score | 0.01006 EPSS
Exploits 0 | References 5
Mageia
added 2021/02/04 1:40 p.m. | 22 views

Updated messagelib packages fix a security vulnerability

In KDE KMail, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended...

4.3 CVSS | 1 AI score | 0.00586 EPSS
Exploits 1 | References 2