59106 matches found
thunderbird: firefox: Some non-writable Object properties could be modified
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...
thunderbird: firefox: Some non-writable Object properties could be modified
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...
EUVD-2025-31060
rollbar vulnerable to prototype pollution...
EUVD-2025-35051
A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...
GHSA-4VRF-42CM-7XFW TastyIgniter vulnerable to Cross-Site Scripting
Cross-Site Scripting XSS vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...
CVE-2025-61417
Cross-Site Scripting XSS vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...
Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, bu...
Cross-site Scripting (XSS)
Overview @tawk.to/tawk-messenger-vue-3 is an Official Vue 3 plugin for Tawk messenger Affected versions of this package are vulnerable to Cross-site Scripting XSS via the tawkFileUpload endpoint in the chatbot. An attacker can execute arbitrary JavaScript code in the browser of other users by...
EUVD-2025-35044
Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...
CVE-2025-8349
CVE-2025-8349 denotes a stored XSS in Tawk Live Chat. A malicious PDF with JavaScript uploaded via the chatbot is stored by the application and later rendered unsanitized to other users, enabling execution of arbitrary script (e.g., cookie theft) in the victim’s browser. Affected components inclu...
CVE-2025-8349
Cross-site Scripting XSS stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...
thunderbird: firefox: Some non-writable Object properties could be modified
A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...
OSV-2025-846 Use-of-uninitialized-value in js_create_function
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=453198741 Crash type: Use-of-uninitialized-value Crash state: jscreatefunction JSEvalInternal JSEvalObject...
CVE-2025-61456
A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...
CVE-2025-61454
A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...
Taguette 跨站脚本漏洞
Taguette is a qualitative research tool by the individual developer Remi Rampin. A cross-site scripting vulnerability exists in Taguette versions prior to 1.5.0, which stems from a project member being able to insert JavaScript code into a name or description field, potentially leading to a...
CVE-2025-61456
A Cross-Site Scripting XSS vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...
WhatWeb Scanner 0.6.3
WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems CMS, blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...
TastyIgniter 安全漏洞
TastyIgniter is an online ordering software from TastyIgniter open source. A security vulnerability exists in TastyIgniter version 3.7.7, which stems from the /admin/mediamanager component not properly handling JavaScript code in SVG files, which could lead to a cross-site scripting attack...
FreeBSD : Mozilla -- JavaScript Object property overriding (fff839db-ad04-11f0-b2aa-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fff839db-ad04-11f0-b2aa-b42e991fc52e advisory. [email protected] reports: There was a way to change the value of JavaScript Object properties that...