251 matches found
Improper neutralization of data URIs may allow XSS in Loofah
Summary Loofah = 2.1.0, = 2.19.1...
Stored XSS via Deserialization of Stylesheets
Description Diagram files can contain stylesheets which basically consist of key value pairs that influence the appearance of digram elements. When adding a stylesheet mxStylesheet element it is possible to execute JavaScript code when used in combination with the internal include element. Usuall...
GHSA-989H-WV8X-933P TYPO3 cross-site scripting (XSS)
The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting XSS attacks via a base64 encoded data URI, as demonstrated by the 1 returnUrl parameter to showrechis.php and...
PYSEC-2021-852
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...
GHSA-55X5-FJ6C-H6M8 lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Impact The HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant context should upgrade to lxml 4.6.5. Patches The issue has been resolved in lxml 4.6.5...
Judge.me : Stored XSS in Public Profile Reviews
A stored XSS vulnerability was found in the public profile review section of a platform. Attackers could add a product description with a data URI XSS payload in HTML format, which would execute when a user clicked on the HTML tag. This could lead to the execution of arbitrary code in the victim'...
Mozilla Firefox Security Advisory (MFSA2015-141) - Linux
This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Qyrr < 0.7 - Authenticated (contributor+) Stored XSS
The plugin does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the datauritometa AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce available to users with a role ...
CVE-2020-1918
CVE-2020-1918 affects HHVM: reading memory prior to the in‑memory buffer via fopen on a data URI due to improper restriction of negative seeking. Affected versions include HHVM before 4.56.3, 4.57.0–4.80.1, 4.81.0–4.93.1, and 4.94.0–4.98.0. The provided documents do not specify a final patched ve...
minify:minify-data-uri-fuzzer: Crash with empty stacktrace
Detailed Report: https://oss-fuzz.com/testcase?key=6587409154965504 Project: minify Fuzzing Engine: libFuzzer Fuzz Target: minify-data-uri-fuzzer Job Type: libfuzzerasanminify Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x0000074d94b4 Crash State: NULL Sanitizer: address ASAN...
Mail.ru: Data URI Stored XSS on Donations Page
XSS in donationalerts.com on donations page while previewing the text data:text/html;base64,PHNjcmlwdD5hbGVydCgiWFNTIEhlcmUiKTs8L3NjcmlwdD4K...
NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0003)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive...
CVE-2019-17000
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox 70...
CVE-2019-17000
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox 70...
Cross site scripting
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox 70...
CVE-2019-11761
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox 70,...
DEBIAN-CVE-2019-11761
By using a form with a data URI it was possible to gain access to the privileged JSONView object that had been cloned into content. Impact from exposing this object appears to be minimal, however it was a bypass of existing defense in depth mechanisms. This vulnerability affects Firefox 70,...
CVE-2019-17000
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox 70...
CVE-2019-17000
CVE-2019-17000 affects Firefox versions older than 70. A CSP bypass exists where an object tag with a data: URI did not inherit the parent document’s Content Security Policy in cross-origin frames, potentially allowing inline-script execution in protected documents. Root cause: CSP not correctly ...
CVE-2019-17000
An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox 70...