122 matches found
EUVD-2010-0209
Malware in sbrugna...
EUVD-2012-4342
Malware in sbrugna...
EUVD-2011-2756
Malware in sbrugna...
EUVD-2010-1447
Malware in sbrugna...
Moodle has a stored XSS in ddimageortext question type
The drag-and-drop onto image ddimageortext question type required additional sanitizing to prevent a stored XSS risk...
GHSA-6HR3-44GX-G6WH Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive $cfg['enable_drag_drop_import'], users will be unable to use the drag and drop...
Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive $cfg['enable_drag_drop_import'], users will be unable to use the drag and drop...
CVE-2023-25727
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...
phpMyAdmin -- XSS vulnerability in drag-and-drop upload
phpMyAdmin Team reports: PMASA-2023-1 XSS vulnerability in drag-and-drop upload...
USN-5824-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...
USN-5782-2: Firefox regressions
USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use th...
CVE-2022-46147
CVE-2022-46147 concerns the Drag and Drop XBlock v2 used with Open edX. The vulnerability is an XSS issue in multiple XBlock Fields that affects versions prior to 3.0.0. The 3.0.0 release contains a patch to address the issue. There are no explicit exploit details or known workarounds reported in...
Mozilla Firefox Remote Code Execution Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A remote code execution vulnerability exists in Mozilla Firefox due to a lack of restriction and filtering of extensions in the drag-and-drop image feature. The vulnerability can be exploited to execut...
Mozilla Firefox Input Validation Error Vulnerability (CNVD-2023-68216)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. The input validation error vulnerability exists in Mozilla Firefox due to a lack of restriction and filtering of extensions in the drag-and-drop image feature. The vulnerability can be exploited to...
Microweber post title denial of service vulnerability
Microweber is a drag-and-drop online store management system from the Microweber community in the United States. A denial of service vulnerability exists in versions of Microweber prior to 1.2.12. The vulnerability stems from the fact that the application allows large characters to be inserted in...
microweber has an unspecified vulnerability (CNVD-2022-13203)
Microweber is an online store management system from the US Microweber community that provides drag-and-drop functionality. The system includes modules for adding products, images, etc. Microweber has a security vulnerability, and no details of the vulnerability are available at this time...
ROS-20220210-01
A vulnerability in the Mozilla Thunderbird email client and Firefox browser is related to incorrect handling of extension updates. Exploitation of the vulnerability could allow an attacker acting remotely to trick the victim into installing a particular type of browser extension and, during automatic...
CVE-2022-22756
The Mozilla Foundation Security Advisory describes this flaw as: If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script, which would have run arbitrary code after the user clicked it...
Mozilla Firefox < 97.0
The version of Firefox installed on the remote Windows host is prior to 97.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-04 advisory. - Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firef...