71 matches found
CVE-2026-25581 SCEditor affected by DOM XSS via emoticon URL/HTML injection
SCEditor is a lightweight WYSIWYG BBCode and XHTML editor. Prior to 3.2.1, if an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration option...
SCEditor has DOM XSS via emoticon URL/HTML injection
If an attacker has the ability to control configuration options passed to sceditor.create, like emoticons, charset, etc., then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...
EUVD-2014-2031
Malware in sbrugna...
EUVD-2014-3641
Malware in sbrugna...
SUSE CVE-2010-0013
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it cou...
SUSE CVE-2010-1624
The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via a custom emoticon in a malformed SLP message...
SUSE CVE-2013-6489
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an integer overflow and a buffer overflow...
SUSE CVE-2014-3695
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response...
Directory Traversal
pidgin is vulnerable to directory traversal. The vulnerability exists as a remote attacker could send a specially-crafted emoticon image download request that would cause Pidgin to disclose an arbitrary file readable to the user running Pidgin...
Denial Of Service (DoS)
pidgin is vulnerable to denial of service. A remote attacker could flood the victim with emoticon images during mutual communication, leading to excessive CPU use...
Denial Of Service (DoS)
Pidgin is vulnerable to denial of service attacks. A remote unauthenticated attacker could exploit the vulnerable libpurple library to cause denial of service conditions via a large length value in an emoticon response...
Chaturbate: Stored XSS in chat topic due to insecure emoticon parsing on any message type
Description: The functionality for adding emoticons into the chat from the server-side perspective is based on a string in the following format: %%%emoticon NAME|EMOTICONURL|WIDTH|HEIGHT|REPORTURL%%% The EMOTICONURL must conform to the following regex: javascript...
Chaturbate: CSRF in REPORT EMOTICON feature
The hacker found that the report emoticon endpoint did not check the CSRF token. This was resolved. Users can report emoticons on the basis of the expressions but the request made to https://chaturbate.com/emoticonreportabuse/emoticonname was a GET request which was not protected by CSRF...
pidgin: crash in Mxit protocol plug-in
A denial of service flaw was found in the way Pidgin's Mxit plug-in handled emoticons. A malicious remote server or a man-in-the-middle attacker could potentially use this flaw to crash Pidgin by sending a specially crafted emoticon...
EulerOS 2.0 SP2 : pidgin (EulerOS-SA-2017-1131)
According to the version of the pidgin package installed, the EulerOS installation on the remote host is affected by the following vulnerability: - markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via ...
Emoticon pack, Pink pig - Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Emoticon pack, Pink pig published at the 'play' market has multiple vulnerabilities...
Emoticon pack, Smiley Face - Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Emoticon pack, Smiley Face published at the 'play' market has multiple vulnerabilities...
Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability
Talos Vulnerability Report VRT-2014-0203 Pidgin libpurple Mxit Emoticon ASN Length Denial of Service Vulnerability November 6, 2014 CVE Number CVE-2014-3695 Description An exploitable denial of service vulnerability exists in Pidgin’s implementation of the Mxit protocol in the libpurple library. ...
CVE-2014-3695
markup.c in the MXit protocol plugin in libpurple in Pidgin before 2.10.10 allows remote servers to cause a denial of service (application crash) via a large length value in an emoticon response...