54 matches found
Joomla! 6.x < 6.0.2 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 3.9.x prior to 5.4.2, or 6.x prior to 6.0.2. It is, therefore, affected by multiple vulnerabilities. - Lack of input filtering leads to an XSS vector in the HTML filter code related to data URLs in...
Joomla! CMS Cross-Site Scripting Vulnerability
Joomla! CMS is an open source content management system for Joomla! A cross-site scripting vulnerability exists in Joomla! CMS that stems from insufficient input filtering, which could lead to cross-site scripting attack vectors in the HTML filter code associated with the data URL in the img tag...
EUVD-2001-0362
Malware in sbrugna...
EUVD-2006-7015
Malware in sbrugna...
Security update for python-reportlab (moderate)
openSUSE Security Update: Security update for python-reportlab Announcement ID: openSUSE-SU-2021:2641-1 Rating: moderate References: 1182503 Cross-References: CVE-2020-28463 CVSS scores: CVE-2020-28463 NVD : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-28463 SUSE: 5...
GHSA-MPVW-25MG-59VX Server-side Request Forgery (SSRF) via img tags in reportlab
All versions of package reportlab at time of writing are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of...
CVE-2020-28463
A flaw was found in python-reportlab. A Server-side Request Forgery (SSRF) vulnerability is possible via img tags...
CVE-2020-28463
All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos ...
Webscan - Browser-based Network Scanner And local-IP Detection
webscan is a browser-based network IP scanner and local IP detector. It detects IPs bound to the user/victim by listening on an RTP data channel via WebRTC and looping back to the port across any live IPs, as well as discovering all live IP addresses on valid subnets by monitoring for immediate...
GHSA-MG69-6J3M-JVGW HTML Injection in marky-markdown
All versions of marky-markdown are vulnerable to HTML Injection. The package fails to sanitize style attributes in img tags of the markdown input. This may allow attackers to affect the size of images in the rendered HTML. Recommendation This package is no longer maintained. Please upgrade to...
Cross-Site Request Forgery (CSRF)
squirrelmail is vulnerable to cross-site request forgery. Squirrelmail did not sufficiently check arguments to IMG tags in HTML e-mail messages. This could be exploited by an attacker by sending arbitrary e-mail messages on behalf of a squirrelmail user tricked into opening a maliciously crafted...
McAfee Data Loss Prevention Endpoint ePO extension cross-site scripting vulnerability
McAfee Data Loss Prevention Endpoint (DLP Endpoint) is an integrated endpoint data protection solution from McAfee, Inc. that prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transfer, shared endpoint data flow control, and data...
CVE-2017-3948
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...
Cross site scripting
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...
CVE-2017-3948
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...
CVE-2017-3948
Summary: CVE-2017-3948 is a Cross Site Scripting (XSS) vulnerability in the IMG Tags of the ePO extension for McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x. The underlying issue is an XSS in IMG Tags that allows an authenticated user to inject arbitrary web script or HTML via malicio...
Vanilla Forums 2.1.1 Cross Site Scripting
The vulnerability is related to insufficient filtration in HTMLawed. The existing filter can be bypassed and an onerror event pasted into an HTML tag, which leads to stored XSS. I notified the developers of the existing vulnerabilities and they closed it in version 2.1.1 proof:...
YaBB 1.x/9.1.2000 Administrator Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11214/info It is reported that YaBB is affected by an administrator command execution vulnerability. This issue is due to a failure of the application to properly validate access to administrative commands. This issue...
MS IE 3/4/5, Netscape Communicator 4 IMG Tag DoS Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3122/info An issue which affects users of multiple web browsers on Microsoft Windows platforms has been discovered. Multiple malicious IMG tags may cause a denial of service to users who view webpages they are embedded...
Microsoft Outlook 2003 Predictable File Location Weakness
No description provided by source. source: http://www.securityfocus.com/bid/10307/info Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known and potential Internet Explorer...