Changing Employee Security Behavior Takes More Than Simple Awareness
Security awareness rarely leads to sustained behavior change on its own, according to a recent analysis – meaning that organizations need to proactively develop a robust “human-centered” security program to reduce the number of security incidents associated with poor security behavior. According ...
MISP security vulnerability
MISP is an open source software solution for collecting, storing, distributing and sharing cybersecurity metrics and threats related to cybersecurity event analysis and malware analysis. An ACL checking deficiency vulnerability exists in MISP versions prior to 2.4.135 related to...
Cross-Site Scripting (XSS)
Firefox is vulnerable to cross-site scripting (XSS). In some cases, removing HTML elements during sanitization would keep existing SVG event handlers, allowing an attacker to subsequently execute arbitrary JavaScript in a user's browser...
CVE-2020-26956
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...
Mozilla Firefox security vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Firefox versions prior to Firefox 83, which stems from the fact that when listening for page changes using a mutation observer, a malicious web page may cause Firefox...
UBUNTU-CVE-2020-26967
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability...
The vulnerability of the FXOS operating system, which arises from the failure to neutralize special elements used in the operating system's commands, allows an attacker to execute arbitrary commands with root privileges.
The vulnerability of the FXOS operating system exists due to the lack of measures taken to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows an attacker to execute arbitrary commands with root privileges...
The vulnerability of the command-line interface of the FXOS operating system allows an attacker to execute arbitrary code with root privileges.
The vulnerability of the command-line interface of the FXOS operating system exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command line. Exploiting this vulnerability allows a perpetrator to execute arbitrary code with root privileges...
Cross-Site Scripting in scratch-svg-renderer
Overview This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008. The loadString function does not escape SVG properly, which can be used to inject arbitrary elements into the DOM via the transformMeasurements function. Recommendation Upgrade to version...
The vulnerability of the jQuery library arises from insufficient sanitization of user-supplied data when `<option>` elements are passed to jQuery's DOM methods. This allows attackers to perform cross-site scripting attacks.
The vulnerability of the jQuery library exists due to insufficient sanitization of user-supplied data when elements with the `<option>` tag are passed to jQuery's DOM methods. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
CVE-2019-8754
CVE-2019-8754 describes a cross-origin iframe issue in macOS components. The root cause is a cross-origin security origins tracking flaw that could allow a malicious HTML document to render iframes containing sensitive user information. Apple patched this in macOS Catalina 10.15.1 and Security Up...
The vulnerability of the WildFly application server in Java, related to errors in the implementation of security checks for standard elements, allows attackers to compromise the confidentiality and integrity of protected information.
The vulnerability of the WildFly application server relates to errors in the implementation of security checks for standard elements. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...
The vulnerability of the FortiSIEM Windows Agent security management system lies in the absence of quotation marks around path elements or search paths in the code. This allows attackers to escalate their privileges.
The vulnerability of the FortiSIEM Windows Agent security management system is related to the absence of quotation marks in the syntax of certain path elements or search paths. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...
Cross-site scripting
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A...
The vulnerability of the Cisco IOS XE operating system, related to the lack of measures to neutralize special elements used in the operating system’s commands, allows a perpetrator to increase their privileges and execute arbitrary code.
The vulnerability of the Cisco IOS XE operating system is related to the lack of measures to neutralize special elements used in the operating system's commands. Exploiting this vulnerability can allow an attacker to escalate their privileges and execute arbitrary code...
CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...
Oracle Linux 8 : thunderbird (ELSA-2020-4155)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-4155 advisory. 78.3.1-1.0.1 - Update to 68.12.0 build1 78.3.1-1 - Update to 78.3.1 build1 78.3.0-3 - Update to 78.3.0 build1 - Remove librdp.so as long as we cannot...
CVE-2020-15676
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...
Information Disclosure
webkitgtk4 is vulnerable to information disclosure. The vulnerability exists in the drawing of web page elements, which can cause browsing history to be revealed...