3 matches found
bagisto has Cross Site Scripting (XSS) issue in TinyMCE Image Upload (HTML)
Summary In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges e.g. admin to upload a crafted HTML file containing embedded JavaScript. When viewed, the malicious code executes in the context of the admin/user’s browser. Details The application...
Microsoft Edge Security Feature Bypass (MS17-007: CVE-2017-0066)
Security feature bypass exists in Microsoft Edge. The vulnerability is due to an error in Microsoft Edge while handling a specially crafted HTML file. A remote attacker can exploit this issue by enticing a user to open a specially crafted web-page with an affected version of Microsoft Edge...
Microsoft Internet Explorer Multipart HTML File Handling Remote Code Execution Vulnerability
...