26 matches found

OSV
added 2026/05/13 7:57 a.m. | 4 views

SUSE-SU-2026:21612-1 Security update for php8

This update for php8 fixes the following issues:
- CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection (bsc1264778).
- CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in...

9.8 CVSS | 6.5 AI score | 0.00505 EPSS
Exploits: 1 | References: 21

GithubExploit
added 2026/01/23 11:13 a.m. | 217 views

Exploit for Cross-site Scripting in Typo3 Html_Sanitizer

Stored XSS exploit in TYPO3 HTML Sanitizer CVE-...

6.1 CVSS | 5 AI score | 0.00574 EPSS
Exploits: 1

BDU FSTEC
added 2025/08/07 12:0 a.m. | 5 views

The vulnerability of Google Chrome, related to insufficient validation of input data, allows a hacker to execute a spear-phishing attack or cause a service failure.

The vulnerability of Google Chrome relates to insufficient validation of input data during the processing of DOM elements. Exploiting this vulnerability allows a remote attacker to execute a spear-phishing attack or cause a service failure...

5 CVSS | 5.6 AI score | 0.00223 EPSS
Exploits: 0 | References: 10 | Affected Software: 4

RedhatCVE
added 2025/05/23 4:5 a.m. | 8 views

CVE-2023-47125

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

6.1 CVSS | 6.1 AI score | 0.00574 EPSS
Exploits: 1 | References: 1

BDU FSTEC
added 2025/02/17 12:0 a.m. | 3 views

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager content and media data management system lies in the insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

5.5 CVSS | 5.9 AI score | 0.00449 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

BDU FSTEC
added 2024/12/19 12:0 a.m. | 4 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

5.5 CVSS | 5.9 AI score | 0.00877 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2024/12/18 12:0 a.m. | 5 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

5.5 CVSS | 5.9 AI score | 0.00877 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

BDU FSTEC
added 2024/12/18 12:0 a.m. | 4 views

The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of the website structure, allowing attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the web page structure when processing DOM elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

5.5 CVSS | 5.9 AI score | 0.00624 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/03/06 11:7 a.m. | 21 views

BIT-TYPO3-2023-47125

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

6.1 CVSS | 5.1 AI score | 0.00574 EPSS
Exploits: 1 | References: 3

OSV
added 2023/11/14 8:33 p.m. | 31 views

GHSA-MM79-JHQM-9J54 Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4). Problem: DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. Solution: Update to typo3/html-sanitizer versions 1.5.3 or 2.1.4 that fix the proble...

4.7 CVSS | 5.1 AI score | 0.00574 EPSS
Exploits: 1 | References: 5

Github Security Blog
added 2023/11/14 8:33 p.m. | 69 views

Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer

CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C (4.4). Problem: DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. Solution: Update to typo3/html-sanitizer versions 1.5.3 or 2.1.4 that fix the proble...

6.1 CVSS | 4.7 AI score | 0.00574 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

NVD
added 2023/11/14 8:15 p.m. | 21 views

CVE-2023-47125

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

6.1 CVSS | 0.00574 EPSS
Exploits: 1 | References: 3

Prion
added 2023/11/14 8:15 p.m. | 17 views

Cross site scripting

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

5.8 CVSS | 6.2 AI score | 0.00574 EPSS
Exploits: 1 | References: 3 | Affected Software: 2

Vulnrichment
added 2023/11/14 8:7 p.m. | 24 views

CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

4.7 CVSS | 6.1 AI score | 0.00574 EPSS
Exploits: 1 | References: 3

OSV
added 2023/11/14 8:7 p.m. | 25 views

CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

4.7 CVSS | 5.8 AI score | 0.00574 EPSS
Exploits: 1 | References: 5

Cvelist
added 2023/11/14 8:7 p.m. | 22 views

CVE-2023-47125 By-passing Cross-Site Scripting Protection in HTML Sanitizer

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versio...

4.7 CVSS | 6.2 AI score | 0.00574 EPSS
Exploits: 1 | References: 3

CNNVD
added 2023/11/14 12:0 a.m. | 5 views

TYPO3 Security Vulnerabilities

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 that stems from DOM processing instructions not being handled correctly, allowing bypassing the cross-site scripting mechanism of...

6.1 CVSS | 6.2 AI score | 0.00574 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2023/11/14 12:0 a.m. | 28 views

TYPO3 8.7.42 < 8.7.55 ELTS / 9.5.29 < 9.5.44 ELTS / 10.4.19 < 10.4.41 ELTS / 11.3.2 < 11.5.33 / 12.0.0 < 12.4.8 XSS (TYPO3-CORE-SA-2023-007)

The version of TYPO3 installed on the remote host is prior to 8.7.42 < 8.7.55 ELTS / 9.5.29 < 9.5.44 ELTS / 10.4.19 < 10.4.41 ELTS / 11.3.2 < 11.5.33 / 12.0.0 < 12.4.8. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2023-007 advisory. - DOM processing instructions are not...

6.1 CVSS | 6.3 AI score | 0.00574 EPSS
Exploits: 1 | References: 2

SUSE CVE
added 2023/02/15 5:33 a.m. | 2 views

SUSE CVE-2013-6635

Use-after-free vulnerability in the editing implementation in Blink, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that triggers removal of a node during processing of the DOM tree,...

6.8 CVSS | 9.6 AI score | 0.01582 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2012/08/01 12:0 a.m. | 30 views

Google Chrome < 21.0.1180.60 Multiple Vulnerabilities

7.5 CVSS | 9.6 AI score | 0.01444 EPSS
Exploits: 0 | References: 15