CVE-2025-52650 HCL AION is susceptible to Inline script execution allowed in CSP vulnerability
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...
EUVD-2025-33691
Inline script execution allowed in CSP vulnerability has been identified in HCL AION v2.0...
CVE-2025-52650
CVE-2025-52650 – HCL AION v2.0 : A CSP-related issue allows inline script execution due to improper CSP enforcement in HCL AION version 2.0. The root cause is CSP misconfiguration that fails to block inline scripts, enabling potential script injection within the application. Documented sources (P...
PT-2025-41540
Name of the Vulnerable Software and Affected Versions: HCL AION version 2.0. Description: An issue exists in HCL AION version 2.0 related to Content Security Policy (CSP) enforcement. Improper CSP configuration allows for the execution of inline scripts, which should be blocked. This enables an attack...
HCL AION security vulnerability
HCL AION is an AI lifecycle management platform from HCL India. A security vulnerability exists in HCL AION version v2.0 that stems from allowing inline script execution in CSP environments...
EUVD-2021-2423
Malware in sbrugna...
CVE-2025-58765
Wabac.js (service-worker based web archive replay) has a Reflected XSS in 404 error handling, where the requestURL parameter is embedded into an inline script without sanitization. Affected: wabac.js
CVE-2025-58765 wabac.js has XSS vulnerability in 404 error handling logic
wabac.js provides a full web archive replay system, or 'wayback machine', using Service Workers. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the 404 error handling logic of wabac.js v2.23.10 and below. The parameter requestURL derived from the original request target is directly...
PT-2025-14115 (React-Tooltip)
Name of the Vulnerable Software and Affected Versions: Bruno versions prior to 1.39.1 Description: The issue arises from custom tool-tip components using react-tooltip, which set content as raw HTML and inject it into the DOM on hover. This, combined with loose Content Security Policy restriction...
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Summary When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transformed output by supplying a...
CVE-2021-37634
Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an...
Semmle: CSP : Inline scripts can be inserted
Vulnerable URL: https://lgtm-com.pentesting.semmle.net/ Summary: Content Security Policy (CSP) is a client-side security model which allows developers to specify where different types of resources should be loaded, executed and embedded from. With CSP you can instruct the browser only to load...
Mozilla: CSP bypass using marquee tag (MFSA 2016-94, MFSA 2016-95)
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
UBUNTU-CVE-2016-9895
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
Ubuntu: Security Advisory (USN-2785-1)
The remote host is missing an update for the ...
SeaMonkey 2.x < 2.10 Multiple Vulnerabilities
Thunderbird 10.0.x < 10.0.5 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird 10.0.x is potentially affected by the following security issues: - An error exists in the ASN.1 decoder when handling zero length items that can lead to application crashes. (CVE-2012-0441) - Multiple memory corruption errors exist. (CVE-2012-1937, CVE-2012-1939)...
Content Security Policy inline-script bypass — Mozilla
Security researcher Adam Barth found that inline event handlers, such as onclick, were no longer blocked by Content Security Policy's (CSP) inline-script blocking feature. Web applications relying on this feature of CSP to protect against cross-site scripting (XSS) were not fully protected...
CVE-2001-0726
CVE-2001-0726 concerns Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server. The issue arises when OWA is used with Internet Explorer and fails to properly detect certain inline script in HTML emails, which can allow remote attackers to perform arbitrary actions on a user’s Exchange mailbox....