11 matches found
PT-2026-44198
The a3 Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.7.6 This is due to a regex bug in the filter videos method that breaks HTML attribute quoting when processing crafted elements, combined with unescaped output in the...
Mozilla: Quoting from an HTML email with certain tags will trigger network requests and load remote content, regardless of a configuration to block remote content
The Mozilla Foundation Security Advisory describes this flaw as: If a Thunderbird user quoted from an HTML email and the email contained either a video tag with the poster attribute or an object tag with a data attribute, a network request to the referenced remote URL was performed regardless of ...
FreeBSD : OTRS -- Multiple XSS and denial of service vulnerabilities (96e776c7-e75c-11df-8f26-00151735203a)
OTRS Security Advisory reports : - Multiple Cross Site Scripting issues : Missing HTML quoting allows authenticated agents or customers to inject HTML tags. This vulnerability allows an attacker to inject script code into the OTRS web-interface which will be loaded and executed in the browsers of...
Debian DSA-249-1 : w3mmee - missing HTML quoting
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send their local cookies...
Debian DSA-250-1 : w3mmee-ssl - missing HTML quoting
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send their local cookies...
[SECURITY] [DSA 251-1] New w3m packages fix cookie information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 251-1 [email protected] http://www.debian.org/security/ Martin Schulze February 14th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 250-1] New w3mmee-ssl packages fix cookie information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 250-1 [email protected] http://www.debian.org/security/ Martin Schulze February 12th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 250-1] New w3mmee-ssl packages fix cookie information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 250-1 [email protected] http://www.debian.org/security/ Martin Schulze February 12th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 249-1] New w3mmee packages fix cookie information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 249-1 [email protected] http://www.debian.org/security/ Martin Schulze February 11th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 249-1] New w3mmee packages fix cookie information leak
-------------------------------------------------------------------------- Debian Security Advisory DSA 249-1 [email protected] http://www.debian.org/security/ Martin Schulze February 11th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA 249-1] New w3mmee packages fix cookie information leak
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 249-1 [email protected] http://www.debian.org/security/ Martin Schulze February 11th, 2003 http://www.debian.org/security/faq -...