59106 matches found

RedHat Linux
added 2025/10/20 7:14 p.m., 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0021
Exploits: 0, References: 6
RedHat Linux
added 2025/10/20 7:6 p.m., 4 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0021
Exploits: 0, References: 6
EUVD
added 2025/10/20 3:33 p.m., 6 views

EUVD-2025-31060

rollbar vulnerable to prototype pollution...

CVSS: 7.5, AI score: 6.3, EPSS: 0.00365
Exploits: 0, References: 7
EUVD
added 2025/10/20 3:30 p.m., 5 views

EUVD-2025-35051

A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

CVSS: 6.1, AI score: 5.6, EPSS: 0.00241
Exploits: 1, References: 2
OSV
added 2025/10/20 3:30 p.m., 2 views

GHSA-4VRF-42CM-7XFW TastyIgniter vulnerable to Cross-Site Scripting

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...

CVSS: 4.8, AI score: 6.2, EPSS: 0.00546
Exploits: 1, References: 3
NVD
added 2025/10/20 3:15 p.m., 3 views

CVE-2025-61417

Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/mediamanager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to...

CVSS: 8.8, EPSS: 0.00546
Exploits: 1, References: 2
The Hacker News
added 2025/10/20 11:55 a.m., 8 views

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches

ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches. ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, bu...

AI score: 7.3
Exploits: 0
Snyk
added 2025/10/20 10:42 a.m., 2 views

Cross-site Scripting (XSS)

Overview: @tawk.to/tawk-messenger-vue-3 is an official Vue 3 plugin for Tawk messenger. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tawkFileUpload endpoint in the chatbot. An attacker can execute arbitrary JavaScript code in the browser of other users by...

CVSS: 6.1, AI score: 5.4, EPSS: 0.00486
Exploits: 0, References: 2
EUVD
added 2025/10/20 9:56 a.m., 5 views

EUVD-2025-35044

Stored Cross-site Scripting (XSS) vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00486
Exploits: 0, References: 2
CVE
added 2025/10/20 9:56 a.m., 15 views

CVE-2025-8349

CVE-2025-8349 denotes a stored XSS in Tawk Live Chat. A malicious PDF with JavaScript uploaded via the chatbot is stored by the application and later rendered unsanitized to other users, enabling execution of arbitrary script (e.g., cookie theft) in the victim’s browser. Affected components inclu...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00486
Exploits: 0, References: 1
ATTACKERKB
added 2025/10/20 9:56 a.m., 5 views

CVE-2025-8349

Stored Cross-site Scripting (XSS) vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed witho...

CVSS: 5.3, AI score: 6, EPSS: 0.00486
Exploits: 0, References: 2
RedHat Linux
added 2025/10/20 2:25 a.m., 7 views

thunderbird: firefox: Some non-writable Object properties could be modified

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: There was a way to change the value of JavaScript Object properties that were supposed to be non-writeable...

CVSS: 6.5, AI score: 6.5, EPSS: 0.0021
Exploits: 0, References: 6
OSV
added 2025/10/20 12:3 a.m., 3 views

OSV-2025-846 Use-of-uninitialized-value in js_create_function

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=453198741 Crash type: Use-of-uninitialized-value Crash state: js_create_function JSEvalInternal JSEvalObject...

AI score: 7
Exploits: 0, References: 1
Cvelist
added 2025/10/20 12:0 a.m., 8 views

CVE-2025-61456

A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

EPSS: 0.00241
Exploits: 1, References: 1
Vulnrichment
added 2025/10/20 12:0 a.m., 5 views

CVE-2025-61454

A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

AI score: 5.7, EPSS: 0.00233
Exploits: 0, References: 1
CNNVD
added 2025/10/20 12:0 a.m., 3 views

Taguette cross-site scripting vulnerability

Taguette is a qualitative research tool by the individual developer Remi Rampin. A cross-site scripting vulnerability exists in Taguette versions prior to 1.5.0, which stems from a project member being able to insert JavaScript code into a name or description field, potentially leading to a...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00161
Exploits: 0, References: 3
Vulnrichment
added 2025/10/20 12:0 a.m., 2 views

CVE-2025-61456

A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who...

AI score: 5.7, EPSS: 0.00241
Exploits: 1, References: 1
Packet Storm News
added 2025/10/20 12:0 a.m., 7 views

WhatWeb Scanner 0.6.3

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different...

AI score: 7.5
Exploits: 0
CNNVD
added 2025/10/20 12:0 a.m., 3 views

TastyIgniter security vulnerability

TastyIgniter is an online ordering software from TastyIgniter open source. A security vulnerability exists in TastyIgniter version 3.7.7, which stems from the /admin/mediamanager component not properly handling JavaScript code in SVG files, which could lead to a cross-site scripting attack...

CVSS: 8.8, AI score: 5.9, EPSS: 0.00546
Exploits: 1, References: 3
Tenable Nessus
added 2025/10/20 12:0 a.m., 2 views

FreeBSD : Mozilla -- JavaScript Object property overriding (fff839db-ad04-11f0-b2aa-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fff839db-ad04-11f0-b2aa-b42e991fc52e advisory. [email protected] reports: There was a way to change the value of JavaScript Object properties that...

CVSS: 6.5, AI score: 8.1, EPSS: 0.0021
Exploits: 0, References: 3