61 matches found
CVE-2026-30925
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...
EUVD-2005-3891
Malware in sbrugna...
EUVD-2008-4182
Malware in sbrugna...
EUVD-2006-2229
Malware in sbrugna...
EUVD-2008-5038
Malware in sbrugna...
EUVD-2016-6213
Malware in sbrugna...
EUVD-2025-32031
Malicious code in bioql PyPI...
EUVD-2022-5827
Malicious code in bioql PyPI...
EUVD-2022-27902
Malicious code in bioql PyPI...
Mozilla: Privileged JavaScript Execution via Event Handlers
The Mozilla Foundation Security Advisory describes this flaw as: An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process...
SUSE CVE-2013-4997
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...
Code injection
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...
phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...
GHSA-5GH4-V2CH-PCX4 phpMyAdmin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...
The vulnerability of the iframe element in Mozilla Firefox allows a violator to circumvent the imposed security restrictions.
The vulnerability of the iframe element in Mozilla Firefox and the Mozilla Thunderbird email client is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions by adding an iframe element with a JavaScript event to the...
Mozilla: Sandboxed iframes could have executed script if the parent appended elements
The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...
Mozilla: Sandboxed iframes could have executed script if the parent appended elements
The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...
Mozilla: Sandboxed iframes could have executed script if the parent appended elements
The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...
Mozilla: Sandboxed iframes could have executed script if the parent appended elements
The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...
CVE-2022-22759
If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...