Lucene search
+L

114 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2021/06/18 12:0 a.m.35 views

Security update for htmldoc (important)

openSUSE Security Update: Security update for htmldoc Announcement ID: openSUSE-SU-2021:0895-1 Rating: important References: 1184424 Cross-References: CVE-2021-20308 CVSS scores: CVE-2021-20308 NVD : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-20308 SUSE: 3.3...

3.3CVSS8.6AI score0.02477EPSS
Exploits1References1
Node.js
Node.js
added 2019/11/29 5:39 p.m.23 views

Cross-Site Scripting

Overview Versions of pannellum prior to 2.5.6 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs for data URIs, which may allow attackers to execute arbitrary code in a victim's browser. Recommendation Upgrade to version 2.5.6 or later. References - GitHub Security...

4.3CVSS5.1AI score0.00697EPSS
Exploits0Affected Software1
Prion
Prion
added 2019/11/22 7:15 p.m.16 views

Cross site request forgery (csrf)

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs or vbscript:, allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if...

4.3CVSS6AI score0.00697EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/22 6:26 p.m.33 views

CVE-2019-16763 XSS in Pannellum from 2.5.0 through 2.5.4

In Pannellum from 2.5.0 through 2.5.4 URLs were not sanitized for data URIs or vbscript:, allowing for potential XSS attacks. Such an attack would require a user to click on a hot spot to execute and would require an attacker-provided configuration. The most plausible potential attack would be if...

4.8CVSS6.1AI score0.00697EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2019/11/22 6:18 p.m.106 views

Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript

Versions of pannellum prior to 2.5.6 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs for data URIs, which may allow attackers to execute arbitrary code in a victim's browser. Recommendation Upgrade to version 2.5.6 or later...

6.1CVSS4.9AI score0.00697EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2019/11/22 6:18 p.m.12 views

GHSA-M52X-29PQ-W3VV Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript

Versions of pannellum prior to 2.5.6 are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize URLs for data URIs, which may allow attackers to execute arbitrary code in a victim's browser. Recommendation Upgrade to version 2.5.6 or later...

4.8CVSS6.2AI score0.00697EPSS
Exploits0References6
Veracode
Veracode
added 2019/05/02 5:51 a.m.35 views

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

10CVSS7.3AI score0.06058EPSS
Exploits1References22Affected Software1
OSV
OSV
added 2019/04/09 7:47 p.m.22 views

GHSA-QJ3F-9GMQ-FWV5 Cross-Site Scripting in simple-markdown

Versions of simple-markdown prior to 0.4.4 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization the package may render output containing malicious JavaScript. This vulnerability can be exploited through input of links containing data or VBScript URIs and a base64-encoded...

6.1CVSS6AI score0.01274EPSS
Exploits0References9
Veracode
Veracode
added 2019/04/09 7:30 a.m.22 views

Cross-Site Scripting (XSS)

simple-markdown is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via Data or Vbscript URIs, e.g data:text/html;base64,PHNjcmlwdD5hbGVydCgnaGknKTwvc2NyaXB0Pg==...

6.1CVSS5.9AI score0.01274EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2018/09/06 6:29 p.m.24 views

Open redirect

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's...

5.8CVSS6.2AI score0.03982EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2018/09/06 6:29 p.m.14 views

CVE-2018-1000671

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's...

6.1CVSS6.2AI score0.03982EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2018/09/06 6:29 p.m.24 views

CVE-2018-1000671

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's...

6.1CVSS6.6AI score0.03982EPSS
Exploits0References4
OSV
OSV
added 2018/09/06 6:29 p.m.22 views

CVE-2018-1000671

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's...

6.1CVSS5.7AI score
Exploits0References4
OSV
OSV
added 2018/09/06 6:29 p.m.3 views

DEBIAN-CVE-2018-1000671

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's...

6.1CVSS6.1AI score0.03982EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/09/06 6:0 p.m.29 views

CVE-2018-1000671

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's...

6.1AI score0.03982EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2018/09/06 6:0 p.m.60 views

CVE-2018-1000671

sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site 'Open Redirect' vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's...

6.1CVSS6.4AI score0.03982EPSS
Exploits0
NVD
NVD
added 2018/06/04 7:29 p.m.23 views

CVE-2017-16006

Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of data: URIs in links and can therefore execute javascript...

6.1CVSS6.3AI score0.00977EPSS
Exploits1References2
Prion
Prion
added 2018/06/04 7:29 p.m.14 views

Design/Logic Flaw

Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of data: URIs in links and can therefore execute javascript...

4.3CVSS6.3AI score0.00977EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/06/04 7:29 p.m.47 views

CVE-2017-16006

Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of data: URIs in links and can therefore execute javascript...

6.1CVSS6.6AI score
Exploits0References2
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.27 views

CVE-2017-16006

Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of data: URIs in links and can therefore execute javascript...

6.3AI score0.00977EPSS
Exploits1References2
Rows per page
Query Builder