67 matches found
PT-2026-22479
Name of the Vulnerable Software and Affected Versions wpForo Forum version 2.4.14 Description The software contains a stored cross-site scripting issue that permits authenticated subscribers to upload specially crafted SVG files as profile avatars. This is achieved through the avatar upload...
EUVD-2006-3379
Malware in sbrugna...
EUVD-2002-1944
Malware in sbrugna...
EUVD-2017-14498
Malware in sbrugna...
EUVD-2006-2144
Malware in sbrugna...
EUVD-2013-2824
Malware in sbrugna...
EUVD-2009-1406
Malware in sbrugna...
EUVD-2006-0444
Malware in sbrugna...
EUVD-2007-4680
Malware in sbrugna...
EUVD-2004-0191
Malware in sbrugna...
EUVD-2022-3285
Malicious code in bioql PyPI...
Fiora chat group avatar is vulnerable to XSS via SVG files
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
DRUPAL-CONTRIB-2025-090
This module allows you to define custom attributes for a block. You can specify an attribute name to be added to the block in a predefined format. The module does not sufficiently validate the provided attributes, which makes it possible to insert JavaScript event attributes such as onmouseover,...
CVE-2012-6565
Cross-site scripting XSS vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels...
CVE-2002-2311
Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript 1 event.ctrlKey or 2 event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the...
SUSE CVE-2008-4199
Opera before 9.52 does not prevent use of links from web pages to feed source files on the local disk, which might allow remote attackers to determine the validity of local filenames via vectors involving "detection of JavaScript events and appropriate manipulation."...
SUSE CVE-2017-5394
A location bar spoofing attack where the location bar of loaded page will be shown over the content of another tab due to a series of JavaScript events combined with fullscreen mode. Note: This issue only affects Firefox for Android. Other operating systems are not affected. This vulnerability...
SUSE CVE-2017-7770
A mechanism where when a new tab is loaded through JavaScript events, if fullscreen mode is then entered, the addressbar will not be rendered. This would allow a malicious site to displayed a spoofed addressbar, showing the location of an arbitrary website instead of the one loaded. Note: this...
TAO Open Source Assessment Platform 3.3.0 RC2 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Multiple XSS vulnerabilities product: TAO Open Source Assessment Platform vulnerable version: 3.3.0 RC2 fixed version: - CVE number: - impact: medium homepage:...
HackerOne: DOM Based XSS in www.hackerone.com via PostMessage
Summary: The Marketo contact form available on the www.hackerone.com website is affected by a cross-site scripting vulnerability, caused by an insecure 'message' event listener installed on the page. Whilst this could allow an attacker to execute JavaScript in the context of the www.hackerone.com...