
214 matches found

Veracode
added 2020/08/24 9:51 a.m. | 7 views

Cross-site Scripting (XSS)

qunit is vulnerable to cross-site scripting (XSS). The vulnerability exists as it does not escape the value of details.source in innerHTML of reporter/html.js...

1.4 AI score
Exploits: 0
Snyk
added 2020/04/21 11:42 a.m. | 2 views

Cross-site Scripting (XSS)

Overview: lazysizes is a fast, jank-free, SEO-friendly and self-initializing lazyloader for images including responsive images picture/srcset, iframes, scripts/widgets and much more. It also prioritizes resources by differentiating between crucial in view and near view elements to make perceived...

5.7 CVSS | 6.2 AI score | 0.00889 EPSS
Exploits: 1 | References: 2
Veracode
added 2020/02/25 5:39 a.m. | 22 views

Cross-Site Scripting (XSS)

bleach is vulnerable to cross-site scripting (XSS). Invocation of the bleach.clean method with a scripting parameter set to FALSE and raw tags such as title, textarea, script, style, noembed, noframes, iframe, xmp allows BleachHTMLParser to process user-contributed content using innerHTML property,...

6.1 CVSS | 1 AI score | 0.01688 EPSS
Exploits: 1 | References: 13 | Affected Software: 2
RedHat Linux
added 2020/01/30 9:3 a.m. | 4 views

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 7.3 AI score | 0.02004 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2020/01/16 2:14 p.m. | 3 views

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 7.3 AI score | 0.02004 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2020/01/16 12:2 p.m. | 5 views

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 7.3 AI score | 0.02004 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2020/01/16 11:56 a.m. | 4 views

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 7.3 AI score | 0.02004 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2020/01/14 6:46 p.m. | 4 views

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 7.3 AI score | 0.02004 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2020/01/13 2:52 p.m. | 3 views

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 7.3 AI score | 0.02004 EPSS
Exploits: 0 | References: 5
OSV
added 2020/01/08 10:15 p.m. | 3 views

DEBIAN-CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 6.9 AI score | 0.02004 EPSS
Exploits: 0 | References: 1
OSV
added 2020/01/08 10:15 p.m. | 0 views

UBUNTU-CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 7.3 AI score | 0.02004 EPSS
Exploits: 0 | References: 11
AlpineLinux
added 2020/01/08 9:30 p.m. | 56 views

CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS | 7.2 AI score | 0.02004 EPSS
Exploits: 0
Veracode
added 2019/12/16 8:52 a.m. | 8 views

Cross-Site Scripting (XSS)

react-autolinker-wrapper is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser as the library does not validate user input and directly renders the user-provided data when calling the invokeLink method, allowing the conversion o...

4.2 AI score
Exploits: 0
OSV
added 2019/09/24 5:15 a.m. | 0 views

UBUNTU-CVE-2019-16728

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

6.1 CVSS | 6.4 AI score | 0.0167 EPSS
Exploits: 2 | References: 3
Tenable Nessus
added 2019/09/24 12:0 a.m. | 46 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2436-1)

This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. bsc1149303 CVE-2019-11746: Fixed a use-after-free while manipulating video. bsc114929...

9.3 CVSS | 7 AI score | 0.0216 EPSS
Exploits: 1 | References: 26
RedHat Linux
added 2019/09/19 6:33 a.m. | 6 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS | 7.2 AI score | 0.0145 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/19 3:45 a.m. | 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS | 7.2 AI score | 0.0145 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/16 2:39 p.m. | 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS | 7.2 AI score | 0.0145 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/12 10:55 a.m. | 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS | 7.2 AI score | 0.0145 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/12 10:16 a.m. | 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

6.1 CVSS | 7.2 AI score | 0.0145 EPSS
Exploits: 0 | References: 5