34 matches found
CVE-2026-29106
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double quotati...
CVE-2026-29106
Summary: CVE-2026-29106 affects SuiteCRM prior to 7.15.1 and 8.9.3. The return_id request parameter value is copied into an HTML tag attribute that is an event handler and enclosed in double quotes, enabling a blind XSS condition. The issue is addressed in versions 7.15.1 and 8.9.3 (patches). Mit...
PT-2026-26444
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the value of the return_id request parameter is copied into the value of an HTML tag attribute which is an event handler and is encapsulated in double...
CVE-2020-12707
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements...
CVE-2020-12438
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...
EUVD-2020-4750
Malware in sbrugna...
EUVD-2020-4995
Malware in sbrugna...
EUVD-2020-5006
Malware in sbrugna...
EUVD-2021-1879
Malware in sbrugna...
CVE-2020-23234
Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...
CVE-2020-12718
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle...
GHSA-V2F3-F8X4-M3W8 Cross Site Scripting in LavaLite CMS
Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...
Cross site scripting
Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,"...
CVE-2020-23234
CVE-2020-23234 affects LavaLite CMS 5.8.0 (Menu Blocks feature) with a Cross-Site Scripting (XSS) vulnerability that can be bypassed using HTML event handlers such as ontoggle. The available connected sources confirm the product, version, and the XSS in this component, along with the described by...
Content injection in marked
Versions 0.3.7 and earlier of marked, when mangling is disabled via the mangle option, don't escape the target href. This allows an attacker to inject an arbitrary HTML event into the resulting <a> tag...
GHSA-WJMF-58VC-XQJR Content injection in marked
Versions 0.3.7 and earlier of marked, when mangling is disabled via the mangle option, don't escape the target href. This allows an attacker to inject an arbitrary HTML event into the resulting <a> tag...
Oracle Linux 8 : thunderbird (ELSA-2020-5236)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-5236 advisory. 78.5.0-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.5.0-1 - Update to 78.5.0 build3 Tenable has...
Cross site scripting
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle...