30 matches found
CVE-2025-66501
A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2025-66501
A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2025-66501
A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
EUVD-2025-204459
A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2025-66501
Foxit pdfonline.foxit.com Predefined Text in Foxit eSign is affected by a stored XSS via the Identity field “First Name,” where unsanitized input is rendered into the DOM when predefined text is used or document properties are viewed. The description is consistently reported across CVE entries (N...
EUVD-2025-197648
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...
CVE-2025-63701
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...
CVE-2025-63701
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...
CVE-2025-63701
A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUIx64ADVANTECH.dll v0.3.9200.20789 when DocumentPropertiesW is called with a valid dmDriverExtra value but an undersized output buffer. The driver incorrectly assumes the output buffer size matches the input buffe...
EUVD-2003-0658
Malware in sbrugna...
EUVD-2023-52911
Malicious code in bioql PyPI...
CVE-2023-48882
A stored cross-site scripting XSS vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&ajax=1&lang=cn...
CVE-2023-48882
A stored cross-site scripting XSS vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&ajax=1&lang=cn...
EyouCMS Security Vulnerability
Zanzan Network Technology EyouCms EyouCMS is an open source content management system CMS based on ThinkPHP by China Zanzan Network Technology. A security vulnerability exists in EyouCMS v1.6.4-UTF8-SP1, which stems from a stored cross-site scripting XSS vulnerability in the Document Properties...
CVE-2023-48882
A stored cross-site scripting XSS vulnerability in EyouCMS v1.6.4-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Document Properties field at /login.php m=admin&c=Index&a=changeTableVal&ajax=1&lang=cn...
Cross-site Scripting (XSS) in Document Properties Parameter
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...
GHSA-476G-V7HF-CW5M Cross-site Scripting (XSS) in Document Properties Parameter
Impact This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches Update to version 10.5.21 or apply this patch manually...
Microsoft Office: Encrypt document properties
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013encryptdocumentproperties.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Encrypt document properties Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This...
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window
Apple Webkit - Universal Cross-Site Scripting by Accessing a Named Property from an Unloaded Window document auto& htmlDocument = downcastdocument; auto atomicPropertyName = propertyName.publicName; if atomicPropertyName && htmlDocument.hasWindowNamedItematomicPropertyName JSValue namedItem; if...
Information disclosure
An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager BPM 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results...