42 matches found
Format string
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...
SUSE CVE-2006-1942
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into...
SUSE CVE-2010-0054
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving HTML IMG elements...
Zimbra Collaboration Suite 跨站脚本漏洞
Synacor Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 9.0.0, which stems from the lack of effective filtering...
CVE-2021-3163
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload a crafted onloadstart attribute of an IMG element in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended...
Denial Of Service (DoS)
Firefox is vulnerable to use-after-free vulnerability. This occurs when manipulating the DOM during the resize event of an image element. This could result in a potentially exploitable crash when the freed elements are accessed if these elements have been freed due to lack of strong references...
GHSA-VJCJ-5G2R-VXQC Pandao editor.md vulnerable to XSS in IMG attributes
Pandao Editor.md 1.5.0 allows XSS via crafted attributes of an invalid IMG element...
CVE-2017-7802
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...
Design/Logic Flaw
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...
CVE-2017-7802
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...
CVE-2017-7802
CVE-2017-7802 is a use-after-free in the DOM during an image element resize event. The vulnerability occurs when freed image elements are accessed due to lack of strong references, potentially causing a crash. Affected products/versions from the provided documents include Thunderbird < 52.3, F...
CVE-2017-7802
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...
Tiki Cross-Site Request Forgery Vulnerability
Tiki is a free, free, open source web application with rich built-in functionality. A cross-site request forgery vulnerability exists in the IMG element of Tiki, which can be exploited by authenticated users to edit global permissions if an administrator opens a Wiki page with the IMG element...
CVE-2017-7802
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...
CVE-2017-7802
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...
CVE-2016-7119
Cross-site scripting XSS vulnerability in the user-profile biography section in DotNetNuke DNN before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element...
UBUNTU-CVE-2015-3751
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element...
Having fun with
Did you know that this works in every browser? Look, here's one: An image You might think it's leaking from SVG, but SVG images don't use src, they use xlink:href. Let's all take a moment to laugh at xlink. Done? Ok… In the first age of the web, some people accidentally typed instead of . Browser...
Microsoft Internet Explorer Unspecified vulnerability
This host is installed with Microsoft Internet Explorer and is prone to unspecified vulnerability. OpenVAS Vulnerability Test $Id: gbmsieunspecifiedvuln.nasl 5656 2017-03-21 11:03:12Z cfi $ Microsoft Internet Explorer Unspecified vulnerability Authors: Madhuri D Copyright: Copyright c 2010...
CVE-2010-1175
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."...