98 matches found
Astra Linux - уязвимость в jqueryui
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. The values passed to various Text options are...
Astra Linux - уязвимость в jqueryui
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now treated as a CSS...
Astra Linux - уязвимость в thunderbird, firefox
The date picker may partially obscure security prompts. A malicious site could use this feature to trick users into granting permissions. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...
CVE-2025-8082
A flaw was found in Vuetify's VDatePicker component. This vulnerability allows unsanitized HTML to be inserted into the page, leading to a Cross-Site Scripting XSS attack via the 'title-date-format' property accepting a user-created function and assigning its output to the 'innerHTML' property...
Cross-site Scripting (XSS)
Vuetify is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser...
GHSA-9W3X-85MW-4FWM Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...
EUVD-2025-203124
Vuetify has a Cross-site Scripting XSS vulnerability in the VDatePicker component...
Cross-site Scripting (XSS)
Overview vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the title-date-format property in the VDatePicker component. An attacker can execute arbitrary scripts in the context of the user's browser by...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vuetify is an a Material Design component framework for Vue.js. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the title-date-format property in the VDatePicker component. An attacker can execute arbitrary scripts in the context of the...
CVE-2025-8082 Vuetify XSS via unsanitized 'titleDateFormat' in 'VDatePicker'
Improper neutralization of the title date in the 'VDatePicker' component in Vuetify, allows unsanitized HTML to be inserted into the page. This can lead to a Cross-Site Scripting XSS https://owasp.org/www-community/attacks/xss attack. The vulnerability occurs because the 'title-date-format'...
MAL-2025-190995 Malicious code in react-native-datepicker-modal (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 86014f2b55c2d58c217fd51ebbffc71cbc86fad9b13d443647f1cb11c19c7ade The package react-native-datepicker-modal was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-199048
Malicious code in react-native-datepicker-modal npm...
EUVD-2012-2840
Malware in sbrugna...
EUVD-2023-0619
Malicious code in bioql PyPI...
EUVD-2025-27362
Malicious code in bioql PyPI...
CVE-2025-54111
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally...
CVE-2025-54111
Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally...
CVE-2025-54111
CVE-2025-54111 is documented in the connected materials with concrete details: it involves a use-after-free in Windows UI XAML Phone DatePickerFlyout that can allow an attacker to elevate privileges locally. The NCSC-2025-0277 listing assigns a high severity (CVSS ~7.8–7.8 range) to CVE-2025-5411...
CVE-2025-54111 Windows UI XAML Phone DatePickerFlyout Elevation of Privilege Vulnerability
...
Linux Distros Unpatched Vulnerability : CVE-2024-7529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The date picker could partially obscure security prompts. This could be used by a malicious site to trick a user into granting permissions. This vulnerability...