Lucene search
K

49 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Thunderbird

When receiving an HTML email that instructed to load an iframe element from a remote location, a request was sent to the remote document. However, Thunderbird did not display the document. This vulnerability affects Thunderbird versions 102.2.1 and Thunderbird 91.13.1...

4.3CVSS6.6AI score0.00529EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When injecting an HTML base element, some requests will ignore the CSP’s base-uri settings and instead accept the base-uri setting of the injected element. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

6.1CVSS6.9AI score0.00877EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 9:18 p.m.19 views

Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers

Summary The public RSS/Atom feed at /rss renders two attacker-controlled surfaces without HTML escaping. Tag names flow through fmt.AppendfrenderedContent, "%s", tag.Name at internal/service/common/common.go:120, and the Markdown renderer at internal/util/md/md.go does not set the html.SkipHTML...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 9:18 p.m.6 views

GHSA-3V85-FQVH-7RXF Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers

Summary The public RSS/Atom feed at /rss renders two attacker-controlled surfaces without HTML escaping. Tag names flow through fmt.AppendfrenderedContent, "%s", tag.Name at internal/service/common/common.go:120, and the Markdown renderer at internal/util/md/md.go does not set the html.SkipHTML...

4.8CVSS5.9AI score
Exploits0References3
Trellix
Trellix
added 2026/03/11 12:0 a.m.30 views

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Niranjan Hegde and Sijo Jacob · June 14, 2023 This blog was also written by Mathanraj Thangaraju Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitiv...

7.4AI score
Exploits0
OSV
OSV
added 2026/01/26 11:36 p.m.3 views

GHSA-8HF7-H89P-3PQJ MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

Summary A Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from elements is rendered in HTML reports without...

8.1CVSS6.1AI score0.0031EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2024/10/09 12:0 a.m.33 views

CentOS 7 : thunderbird (RHSA-2022:6710)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6710 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects...

8.8CVSS8.2AI score0.01342EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2024/08/21 12:0 a.m.262 views

Online Banking System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Online Banking System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/08/20 12:0 a.m.283 views

Loan Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Loan Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...

7.4AI score
Exploits0
Trellix
Trellix
added 2024/01/02 12:0 a.m.14 views

The Anatomy of HTML Attachment Phishing

The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...

7.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/07 12:0 a.m.24 views

Rocky Linux 8 : thunderbird (RLSA-2022:6708)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6708 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specifi...

8.8CVSS8.2AI score0.01342EPSS
Exploits0References21
Jake Archibald's Blog
Jake Archibald's Blog
added 2023/07/06 1:0 a.m.19 views

The case against self-closing tags in HTML

Let's talk about /: You'll see this syntax on my blog because it's what Prettier does, and I really like Prettier. However, I don't think / is a good thing. First up: The facts Enter XHTML Back in the late 90s and early 2000s, the W3C had a real thing for XML, and thought that it should replace...

6.8AI score
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2023/07/06 1:0 a.m.9 views

The case against self-closing tags in HTML

Let's talk about /: You'll see this syntax on my blog because it's what Prettier does, and I really like Prettier. However, I don't think / is a good thing. First up: The facts Enter XHTML Back in the late 90s and early 2000s, the W3C had a real thing for XML, and thought that it should replace...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/06/06 4:39 p.m.32 views

syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI

Impact 1. A compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for...

5.4CVSS7.3AI score0.00778EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2023/06/06 4:39 p.m.24 views

GHSA-9RP6-23GF-4C3H syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI

Impact 1. A compromised instance with shared folders could sync malicious files which contain arbitrary HTML and JavaScript in the name. If the owner of another device looks over the shared folder settings and moves the mouse over the latest sync, a script could be executed to change settings for...

4.6CVSS5.2AI score0.00778EPSS
Exploits1References8
Packet Storm
Packet Storm
added 2023/02/10 12:0 a.m.296 views

WEBY 1.2.5 Cross Site Request Forgery

==================================================================================================================================== | Title : WEBY v.1.2.5 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 108.0.132-bit | | Vendor :...

0.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/12/07 12:0 a.m.54 views

Amazon Linux 2 : thunderbird (ALAS-2022-1900)

The version of thunderbird installed on the remote host is prior to 102.4.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1900 advisory. 2024-05-09: CVE-2021-28429 was added to this advisory. Integer overflow vulnerability in avtimecodemakestring in...

8.8CVSS8.3AI score0.01659EPSS
Exploits0References42
Amazon
Amazon
added 2022/12/06 12:0 a.m.37 views

Important: thunderbird

Issue Overview: Integer overflow vulnerability in avtimecodemakestring in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service DoS via crafted .mov file. CVE-2021-28429 When receiving an HTML email that contained an iframe element, which used a srcdoc...

8.8CVSS8.9AI score0.01659EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2022/09/28 12:0 a.m.29 views

Debian DSA-5238-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5238 advisory. - When injecting an HTML base element, some requests would ignore the CSP's base-uri settings and accept the injected element's base instead. CVE-2022-40956 -...

8.8CVSS8.4AI score0.01342EPSS
Exploits0References15
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2018-0321)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.3AI score0.08654EPSS
Exploits1References13
Rows per page
Query Builder