196 matches found
CVE-2025-1935
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
CVE-2025-1935
CVE-2025-1935 is described in connected advisories as a UI/protocol-handler spoof affecting Firefox and Thunderbird before versions 136 (Firefox) / 128.8 (Firefox ESR) and before 136 (Thunderbird) / 128.8 (Thunderbird). The issue allows a malicious web page to coax a user into setting that site a...
CVE-2025-1935 Clickjacking the registerProtocolHandler info-bar
A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...
Security Vulnerabilities fixed in Thunderbird 136 — Mozilla
Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could hav...
Security Vulnerabilities fixed in Firefox ESR 128.8 — Mozilla
In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. It was possibl...
"Shonen Jump+" App for Android fails to restrict custom URL schemes properly
Overview "Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Toshiki Iwasaki of Mitsui Buss...
JVN#08430039: "Shonen Jump+" App for Android fails to restrict custom URL schemes properly
"Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a use...
CVE-2024-54014
CVE-2024-54014 affects the Skylark App for Android (≤ 6.2.13) and iOS (≤ 6.2.13). The issue is an improper authorization in the handler for the app’s Custom URL Scheme, which could cause the app to load an arbitrary web site via another application on the device. According to the sources, the vul...
CVE-2024-51930
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IronFeet Custom URL Shortener custom-url-shorter allows Stored XSS.This issue affects Custom URL Shortener: from n/a through = 0.3.6...
CVE-2024-51930 WordPress Custom URL Shortener plugin <= 0.3.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jie Wang Custom URL Shortener allows Stored XSS.This issue affects Custom URL Shortener: from n/a through 0.3.6...
CVE-2024-51930
CVE-2024-51930 affects the WordPress plugin Custom URL Shortener, specifically versions
CVE-2024-51930 WordPress Custom URL Shortener plugin <= 0.3.6 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IronFeet Custom URL Shortener custom-url-shorter allows Stored XSS.This issue affects Custom URL Shortener: from n/a through = 0.3.6...
WordPress plugin Custom URL Shortener 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
CVE-2024-51486
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...
UBUNTU-CVE-2024-51490
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...
CVE-2024-51486 Stored Cross-Site Scripting in Ampache
Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...
CVE-2024-51486
Ampache (web-based audio/video streaming app and file manager) has a Stored Cross-Site Scripting vulnerability in the interface menu’s Custom URL - Favicon field. The input is not properly sanitized, allowing JavaScript execution. The issue is mitigated by upgrading to version 7.0.1, which is the...
CVE-2024-51490 Stored Cross-Site Scripting in Ampache
Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...
Ampache 跨站脚本漏洞
Ampache is an open source web-based audio/video application and file manager from Ampache. A cross-site scripting vulnerability exists in Ampache version 7.0.1, which originates from a user being able to change the Custom URL - Logo in the interface section of the Ampache menu...
Ampache 跨站脚本漏洞
Ampache is an open source web-based audio/video application and file manager from Ampache. A cross-site scripting vulnerability exists in Ampache version 7.0.1, which originates from a user being able to change the Custom URL - Favicon in the interface section of the Ampache menu...