5125 matches found

Cvelist
added 2023/04/04 12:0 a.m. · 30 views

CVE-2020-19697

Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the src parameter...

AI score: 6.3 · EPSS: 0.0066
Exploits: 1 · References: 1

Cvelist
added 2023/04/04 12:0 a.m. · 14 views

CVE-2020-19699

Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the tag in the upload file page...

AI score: 6.5 · EPSS: 0.00593
Exploits: 1 · References: 2

Positive Technologies
added 2023/04/04 12:0 a.m. · 4 views

PT-2023-11530 · Pandao · Editor.Md

Name of the Vulnerable Software and Affected Versions: Pandao Editor.md version 1.5.0 Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via a crafted script in the src parameter. This enables the attacker to inject malicious scripts, potentially leading ...

CVSS: 6.1 · AI score: 6.4 · EPSS: 0.0066
Exploits: 1 · References: 6

Huntr
added 2023/03/29 8:32 a.m. · 15 views

Improper Restriction of Rendered UI Layers or Frames

Description The osTicket uses an incorrect method to validate the src attribute of the iframe tag. Although it appears that osTicket restricts domains through a whitelist, attackers can easily bypass this restriction. Proof of Concept This iframe is going to render www.youtube.com.attacker's serv...

AI score: 6.9
Exploits: 0 · References: 1

OpenVAS
added 2023/03/28 12:0 a.m. · 17 views

Ubuntu: Security Advisory (USN-5954-2)

The remote host is missing an update for the...

CVSS: 8.8 · AI score: 8.9 · EPSS: 0.00713
Exploits: 0 · References: 3

OpenVAS
added 2023/03/28 12:0 a.m. · 25 views

CKEditor 4.x < 4.21 XSS Vulnerability - Linux

CKEditor 4 is prone to a cross-site scripting (XSS) vulnerability...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00725
Exploits: 0 · References: 1

RedHat Linux
added 2023/03/27 3:14 p.m. · 9 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS: 6.5 · AI score: 7.3 · EPSS: 0.00347
Exploits: 0 · References: 6

RedHat Linux
added 2023/03/27 8:20 a.m. · 3 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS: 6.5 · AI score: 7.3 · EPSS: 0.00347
Exploits: 0 · References: 6

Ubuntu
added 2023/03/27 3:18 a.m. · 84 views

USN-5972-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing,...

CVSS: 8.8 · AI score: 8.3 · EPSS: 0.00713
Exploits: 0

Ubuntu
added 2023/03/27 3:5 a.m. · 79 views

USN-5954-2: Firefox regressions

USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

AI score: 7.9
Exploits: 0 · References: 1

OSV
added 2023/03/27 3:5 a.m. · 2 views

USN-5954-2 firefox regressions

USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted...

AI score: 6.1
Exploits: 0 · References: 2

Tenable Nessus
added 2023/03/27 12:0 a.m. · 21 views

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-5972-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5972-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a...

CVSS: 8.8 · AI score: 8 · EPSS: 0.00713
Exploits: 0 · References: 6

OSV
added 2023/03/24 5:55 a.m. · 8 views

MGASA-2023-0116 Updated thunderbird packages fix security vulnerability

Incorrect code generation during JIT compilation. CVE-2023-25751 Potential out-of-bounds when accessing throttled streams. CVE-20223-25752 Invalid downcast in Worklets. CVE-2023-28162 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. CVE-2023-28164 Memor...

CVSS: 8.8 · AI score: 8.2 · EPSS: 0.00713
Exploits: 0 · References: 4

Mageia
added 2023/03/24 5:55 a.m. · 53 views

Updated firefox packages fix security vulnerability

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash CVE-2023-25751. When accessing throttled streams, the count of available bytes needed to be checked in the calling...

CVSS: 8.8 · AI score: 9.3 · EPSS: 0.00713
Exploits: 0 · References: 4

Mageia
added 2023/03/24 5:55 a.m. · 55 views

Updated thunderbird packages fix security vulnerability

Incorrect code generation during JIT compilation. CVE-2023-25751 Potential out-of-bounds when accessing throttled streams. CVE-20223-25752 Invalid downcast in Worklets. CVE-2023-28162 URL being dragged from a removed cross-origin iframe into the same tab triggered navigation. CVE-2023-28164 Memor...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.00713
Exploits: 0 · References: 3

OSV
added 2023/03/24 5:55 a.m. · 11 views

MGASA-2023-0111 Updated firefox packages fix security vulnerability

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash CVE-2023-25751. When accessing throttled streams, the count of available bytes needed to be checked in the calling...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.00713
Exploits: 0 · References: 5

RedHat Linux
added 2023/03/23 11:32 a.m. · 3 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS: 6.5 · AI score: 7.3 · EPSS: 0.00347
Exploits: 0 · References: 6

RedHat Linux
added 2023/03/23 11:20 a.m. · 3 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS: 6.5 · AI score: 7.3 · EPSS: 0.00347
Exploits: 0 · References: 6

RedHat Linux
added 2023/03/23 11:18 a.m. · 5 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS: 6.5 · AI score: 7.3 · EPSS: 0.00347
Exploits: 0 · References: 6

RedHat Linux
added 2023/03/23 11:10 a.m. · 2 views

Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory described the issue of dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks...

CVSS: 6.5 · AI score: 7.3 · EPSS: 0.00347
Exploits: 0 · References: 6