A vulnerability in the JavaScript script handlers of the Google Chrome and Microsoft Edge browsers allows attackers to execute arbitrary code.
The vulnerability in the JavaScript script handlers of the Google Chrome and Microsoft Edge browsers is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially crafted HTML page...
Mozilla Thunderbird < 115.15
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.15. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-44 advisory. - The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were...
CVE-2024-45400 CKEditor Open Link plugin vulnerable to Cross-site Scripting
ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix...
How To Find XSS (Cross-Site Scripting) Vulnerabilities in WordPress Plugins and Themes
Yesterday, we announced the WordPress XSSplorer Challenge for the Wordfence Bug Bounty Program. The objective of this promotion is to help beginners get started in WordPress bug bounty hunting by opening up the scope of our Bug Bounty Program. Cross-Site Scripting vulnerabilities reported in...
CVE-2024-8399
Websites could utilize Javascript links to spoof URL addresses in the Focus navigation bar. This vulnerability affects Focus for iOS 130...
CVE-2024-8399
The CVE-2024-8399 issue affects Mozilla Focus for iOS prior to version 130, where Javascript links could spoof the navigation bar URL. Root cause: improper handling of Javascript links in the Focus navigation UI. Impact: spoofed URL addresses in the navigation bar; no broader system compromise st...
CVE-2024-45389 Pagefind DOM clobbering could escalate to Cross-site Scripting (XSS)
Pagefind, a fully static search library, initializes its dynamic JavaScript and WebAssembly files relative to the location of the first script the user loads. This information is gathered by looking up the value of document.currentScript.src. Prior to Pagefind version 1.1.1, it is possible to...
CVE-2024-43413 Xibo CMS XSS vulnerability using DataSet HTML columns
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which...
CVE-2024-43413
Xibo CMS prior to 4.1.0 is affected by an XSS vulnerability in the DataSet feature that allows authorized users to execute JavaScript by crafting a DataSet HTML column that contains JavaScript. The JS runs on the Data Entry page and on any Layouts referencing that DataSet. In version 4.1.0 this beh...
CVE-2024-43412 Xibo CMS XSS vulnerability when previewing files uploaded to the library containing HTML/JS
Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xib...
CVE-2024-8384
The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...
SUSE-SU-2024:3112-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 115.14; fixed: When using an external installation of GnuPG, Thunderbird occasionally sent/received corrupted messages; fixed: Users of external GnuPG were unable to decrypt incorrectly encoded messages bmo1906903...
CVE-2024-8384
The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulnerability affects Firefox 130, Firefox ESR 128.2, Firefox ESR 115.15, Thunderbird 128.2, and...
CVE-2024-8384
CVE-2024-8384 describes a memory safety issue in the JavaScript engine’s garbage collector where cross-compartment objects could be mis-colored under certain OOM timing, leading to memory corruption. Affected products per connected sources include Firefox and Thunderbird up to specific versions: ...