3 matches found
Allocation of Resources Without Limits or Throttling
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the fetch adapter when finite size limits are configured but not enforced. An attacker can exhaust server resource...
GHSA-6GH2-Q7CP-9QF6 Open WebUI has Stored Cross-Site Scripting In Profile Picture
Summary The profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation. Two distinct attack paths were independently demonstrated by separate reporters: 1. data:text/html;base64,... in a new browser tab raresvis, 2025-04-17 — when a vict...
Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2015-08332)
Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A security vulnerability exists in Mozilla Firefox versions prior to 43.0 and Firefox ESR version...