6 matches found
XWiki Platform Distribution Flavor Main - Cross-Site Scripting
XWiki Platform Distribution Flavor Main versions prior to 17.6.0 are vulnerable to reflected cross-site scripting XSS due to improper sanitization of user-supplied input in the extensionId parameter. An attacker can exploit this issue by injecting malicious JavaScript, which will be executed in t...
Linux Distros Unpatched Vulnerability : CVE-2026-13891
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer...
DEBIAN-CVE-2026-13999
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...
SUSE CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...
NCH Axon PBX 跨站脚本漏洞
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. A cross-site scripting vulnerability exists in NCH Axon PBX, which stems from the failure of the product's extension name to properly filter special characters in input data, and can be exploited to execut...
javascript: URLs in chrome documents (MFSA 2011-08)
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...