CVE-2024-34141
CVE-2024-34141 is a stored XSS vulnerability affecting Adobe Experience Manager versions 6.5.20 and earlier. The flaw allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, resulting in JavaScript execution in a victim’s browser when loading the affected page. P...
Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts
Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...
Mozilla: Use-after-free in JavaScript object transplant
The Mozilla Foundation Security Advisory describes this flaw as: If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant...
RHEL 8 : thunderbird (RHSA-2024:4063)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:4063 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fixes:...
Updated thunderbird packages fix security vulnerabilities
Use-after-free in networking (CVE-2024-5702). Use-after-free in JavaScript object transplant (CVE-2024-5688). External protocol handlers leaked by timing attack (CVE-2024-5690). Sandboxed iframes were able to bypass sandbox restrictions to open a new window (CVE-2024-5691). Cross-Origin Image leak via...
Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this vulnerability is present in the account...
GHSA-QC3Q-8RR8-8P5V Cross site scripting in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this vulnerability is present in the account...
CVE-2024-21517
This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of the customer account/login route. An attacker can inject arbitrary HTML and JavaScript into the page response. As this vulnerability is present in the account...
A vulnerability in the JavaScript script handlers of the Microsoft Edge and Google Chrome browsers allows an attacker to execute arbitrary code on the target system.
The vulnerability in the JavaScript script handlers of the Microsoft Edge and Google Chrome browsers stems from accessing resources through incompatible types. Exploiting it allows a malicious actor to execute arbitrary code on the target system using a specially crafted HTML page...
CVE-2023-49111 Reflected Cross-Site-Scripting in Kiuwan SAST
For Kiuwan installations with SSO (single sign-on) enabled, an unauthenticated reflected cross-site scripting attack can be performed on the login page "login.html". This is possible because the values of the request parameter "message" are included directly in a JavaScript block in the response. This is...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Prototype Pollution
@almela/obx is vulnerable to Prototype Pollution. The vulnerability is caused by improper handling of JavaScript object prototypes within index.js, which allows an attacker to manipulate object prototypes, potentially leading to arbitrary code execution or unexpected application behavior...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
AlmaLinux 9 : thunderbird (ALSA-2024:4002)
The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2024:4002 advisory. thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External...
ALSA-2024:4036 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.12.1. Security Fixes: thunderbird: Use-after-free in networking CVE-2024-5702 thunderbird: Use-after-free in JavaScript object transplant CVE-2024-5688 thunderbird: External protocol...
A vulnerability in the JWE Token Handler component of JavaScript Object Signing and Encryption (JOSE) technologies is related to uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability in the JWE Token Handler component of JavaScript Object Signing and Encryption technologies with Python is related to high resource consumption during decryption of a crafted JSON Web Encryption token. Exploiting this vulnerability can allow a malicious actor to cause servi...
CVE-2024-36115
Reposilite is an open source, lightweight and easy-to-use repository manager for Maven-based artifacts in the JVM ecosystem. As a Maven repository manager, Reposilite provides the ability to view artifact content in the browser, as well as to perform administrative tasks via API. The problem lies i...
CVE-2024-36115
CVE-2024-36115 affects Reposilite (v3.5.10 and prior) where artifact content served in the browser can execute JavaScript within the same origin, enabling stored XSS that can access token-secret from localStorage. This can lead to full compromise of the Reposilite instance and, in worst cases, re...
Cross-site Scripting (XSS)
zendframework/zend-view is vulnerable to cross-site scripting (XSS). The vulnerability is due to many view helpers using escapeHtml instead of the more appropriate escapeHtmlAttr for escaping HTML attributes, which can lead to potential XSS attack vectors when user data and/or JavaScript is used to...