11 matches found
EUVD-2005-3041
Malware in sbrugna...
EUVD-2022-40760
Malicious code in bioql PyPI...
CVE-2025-26528
CVE-2025-26528 relates to Moodle’s drag-and-drop onto image (ddimageortext) question type. Multiple connected sources confirm a stored XSS risk that required additional sanitizing in this question type. The CVE description notes the need for sanitization to prevent stored XSS, and OSV/GHSA entrie...
CVE-2022-22756
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91....
CVE-2022-38163
A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar...
USN-5284-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, obtain sensitive information, or execute arbitrary code. CVE-2022-0511,...
Information disclosure and local file manipulation through drag and drop — Mozilla
Security researcher Rafael Gieschke reported that file URIs dragged from a web page in Firefox to other software do not have their contents properly filtered before being passed to other programs, such as the local file manager. This can allow for the theft or manipulation of arbitrary local file...
Code injection
The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site...
CVE-2005-3041
CVE-2005-3041 concerns Opera for Windows versions before 8.50. The issue is a drag‑and‑drop vulnerability described as an unspecified flaw that enables unintentional file uploads. The NVD entry lists a base score of 5.0 (Medium) with network attack vector, low complexity, and partial integrity im...
Microsoft Internet Explorer treats arbitrary files as images for drag and drop operations
Overview Microsoft Internet Explorer IE treats arbitrary files as images during drag and drop mouse operations. This could allow an attacker to trick a user into copying a file to a location where it may be executed, such as the Windows StartUp folder. Description IE treats any file referenced by...
CVE-2003-0823
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027...