Cross-site Scripting (XSS)
typo3/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper encoding of user input, allowing authenticated editors to inject arbitrary HTML or JavaScript...
[SECURITY] Fedora 40 Update: qt5-qtwebchannel-5.15.14-1.fc40
The Qt WebChannel module provides a library for seamless integration of C++ and QML applications with HTML/JavaScript clients. Any QObject can be published to remote clients, where its public API becomes available...
Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect
Description: The plugin has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. PoC: 1. Add a form to a footer widget area. 2. Disable JavaScript. 3. Access the URL: https://example.com/%0a/google.com 4. Fill out the form and submit. 5. The...
GHSA-9P6P-8V9R-8C9M javascript-deobfuscator crafted payload can lead to code execution
javascript-deobfuscator removes common JavaScript obfuscation techniques. Crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0...
javascript-deobfuscator crafted payload can lead to code execution
javascript-deobfuscator removes common JavaScript obfuscation techniques. Crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0...
GHSA-8J9V-4HHH-X43C Cross-Site Scripting (XSS) in TYPO3 component CSS styled content
Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript...
Cross-Site Scripting (XSS) in TYPO3 component CSS styled content
Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript...
SUSE CVE-2022-23710
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim's browser...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the mishandling of t3:// URL schemes and typolink functionality, affecting both backend forms and frontend extensions using typolink rendering, which allows attackers to execute arbitrary JavaScript within...
Uniview NVR301-04S2-P4 (Update A)
1. EXECUTIVE SUMMARY: CVSS v4 5.1. ATTENTION: Exploitable remotely/low attack complexity/public exploits available. Vendor: Uniview. Equipment: NVR301-04S2-P4. Vulnerability: Cross-site Scripting. 2. RISK EVALUATION: An attacker could send a user a URL that if clicked on could execute...
Cross-Site Scripting (XSS)
typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper input sanitization in the Form Framework validation handling, which allows attackers to inject malicious JavaScript...
Important: Red Hat Security Advisory: nodejs : security update
An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.6.0 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...
CVE-2024-36123
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including JavaScript) can be injected by someone with the ability to edit the MediaWiki namespace, typically those with the editinterface...
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript...
GHSA-5CXF-XX9J-54JC Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript...
CVE-2024-36123 Citizen has a Stored Cross-Site Scripting Vulnerability by editing MediaWiki:Tagline
Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including JavaScript) can be injected by someone with the ability to edit the MediaWiki namespace, typically those with the editinterface...
RHEL 6 : v8 (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101 (CVE-2014-3188) - V8: integer overflow leading to...
RHEL 8 : 3.0_skopeo (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) Note that Nessus has not tested fo...
CVE-2023-51219
A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in an HTTP request header. Ultimately, this access tok...