CVE-2025-13836

CVE-2025-13836 affects Python CPython: when reading an HTTP response with no explicit read amount, the client may default to Content-Length, enabling a malicious server to cause excessive data buffering and potential OOM/DoS. Public advisories confirm fixes in multiple distributions and versions ...

CVE-2025-32974 org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type

XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page...

PT-2024-27349 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.2.3 Discourse versions prior to 3.3.0.beta3 Description: The issue arises from improperly sanitized Onebox data, which could lead to an XSS vulnerability in certain situations. This vulnerability only affects...

SUSE CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

K51110104: XSS vulnerabilities CVE-2010-5312 and CVE-2012-6662

Security Advisory Description CVE-2010-5312 Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option. CVE-2012-6662 Cross-site scripting XSS vulnerability in th...

CVE-2021-23010

On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and 12.1.x before 12.1.5.3, when the BIG-IP ASM/Advanced WAF system processes WebSocket requests with JSON payloads using the default JSON Content Profile in the ASM Security Policy, the BIG-...

jquery-ui: XSS vulnerability in default content in Tooltip widget

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

DEBIAN-CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

UBUNTU-CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

CVE-2009-3779

Cross-site scripting XSS vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the themevcard function to a theme and the use of default content...