3107 matches found
SUSE-SU-2023:2064-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 102.10.1 MFSA 2023-15 bsc1210212: Security fixes: CVE-2023-29531: Out-of-bound memory access in WebGL on macOS bmo1794292 CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass bmo1806394...
CVE-2023-24966 IBM WebSphere Application Server cross-site scripting
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
CVE-2023-30177
CraftCMS 3.7.59 is vulnerable Cross Site Scripting XSS. An attacker can inject javascript code into Volume Name...
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions Plugin
Summary Strapi through 4.5.5 allows authenticated Server-Side Template Injection SSTI that can be exploited to execute arbitrary code on the server. Details Strapi through 4.5.5 allows authenticated Server-Side Template Injection SSTI that can be exploited to execute arbitrary code on the server....
Mozilla: Invalid free from JavaScript code
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...
Mozilla: Invalid free from JavaScript code
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...
Mozilla: Invalid free from JavaScript code
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...
Updated thunderbird packages fix security vulnerability
Fullscreen notification obscured. CVE-2023-29533 Double-free in libwebp. MFSA-TMP-2023-0001 Potential Memory Corruption following Garbage Collector compaction. CVE-2023-29535 Invalid free from JavaScript code. CVE-2023-29536 Revocation status of S/Mime recipient certificates was not checked...
Fedora 38 : php-Smarty (2023-199edf23f0)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-199edf23f0 advisory. 3.1.48 - 2023-03-28 Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. Fixed - Output buffer...
Mozilla: Invalid free from JavaScript code
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...
Mozilla: Invalid free from JavaScript code
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...
Mozilla: Invalid free from JavaScript code
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash...
Fedora 37 : php-Smarty (2023-4b03f6cd8a)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4b03f6cd8a advisory. 3.1.48 - 2023-03-28 Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. Fixed - Output buffer...
Fedora 36 : php-Smarty (2023-7490239652)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-7490239652 advisory. 3.1.48 - 2023-03-28 Security - Fixed Cross site scripting vulnerability in Javascript escaping. This addresses CVE-2023-28447. Fixed - Output buffer...
CVE-2023-0157
The CVE-2023-0157 entry concerns All-In-One Security (AIOS) for WordPress, where versions prior to 5.1.5 fail to escape log file content before rendering on the plugin’s admin page. This enables an authorized admin+ user to plant log files containing malicious JavaScript that executes in the cont...
PT-2023-16046 · WordPress · All-In-One Security
Name of the Vulnerable Software and Affected Versions: All-In-One Security AIOS WordPress plugin versions prior to 5.1.5 Description: The issue allows an authorized user with admin+ privileges to plant bogus log files containing malicious JavaScript code. This code will be executed in the context...
CVE-2020-19277
Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor...
CVE-2020-19277
Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor...
Design/Logic Flaw
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...
Sales Tracker Management System 1.0 Cross Site Scripting
Exploit Title: Sales Tracker Management System - Cross Site Scripting Vulnerability Authenticated Date: 23/03/2023 Exploit Author: Abdulhakim Öner Vendor Homepage: https://www.sourcecodester.com Software Link:...