thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

CVE-2025-23393

A Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in spacewalk-java allows execution of arbitrary Javascript code on users machines.This issue affects Container suse/manager/5.0/x8664/server:5.0.4.7.19.1: from ? before 5.0.24-150600.3.25.1; SUSE Manager...

ALSA-2025:8196 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link CVE-2025-3909 thunderbird: Sender Spoofing via Malformed From Header in Thunderbird CVE-2025-3875 thunderbird: Unsolicited File Download,...

RHEL 9 : thunderbird (RHSA-2025:8203)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:8203 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: JavaScript Execution via Spoofed PDF Attachment...

SUSE Manager Server 安全漏洞

SUSE Manager Server is an infrastructure management solution from SUSE Germany designed to simplify and secure the management of various Linux distributions. A security vulnerability exists in SUSE Manager Server that stems from improper neutralization of script-related HTML tags, which could lea...

CVE-2025-23392

CVE-2025-23392 is a spacewalk-java XSS vulnerability (Improper Neutralization of Script-Related HTML Tags). Affects SUSE Manager components including Spacewalk/Spacewalk-Java modules and SUSE Manager Server Module 4.3; targeted versions listed as before 5.0.24-150600.3.25.1 for several containers...

CVE-2025-44998

A stored cross-site scripting XSS vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...

CVE-2025-44998

A stored cross-site scripting XSS vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...

CVE-2025-44998

A stored cross-site scripting XSS vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter...

CVE-2024-43412

Xibo is an open source digital signage platform with a web content management system CMS. Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xib...

CVE-2024-52286

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input file name and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code...

CVE-2024-47772

Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of...

CVE-2024-40746

A stored cross-site scripting XSS vulnerability in HikaShop Joomla Component 5.1.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload in the description parameter of any product. The description parameter is not sanitised in the...

CVE-2024-43413

Xibo is an open source digital signage platform with a web content management system CMS. Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute JavaScript via the DataSet functionality. Users can design a DataSet with a HTML column which...

CVE-2024-43111

Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS 129...

CVE-2024-40618

Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension...

CVE-2025-4379

DobryCMS in versions 2. and lower is vulnerable to Reflected Cross-Site Scripting XSS. Improper input validation in szukaj parameter allows arbitrary JavaScript to be executed on victim's browser when specially crafted URL is opened. A hotfix for affected versions was released on 29.04.2025. It...

CVE-2025-4379

DobryCMS prior to 3.x (versions 2.* and lower) is affected by a Reflected XSS in the szukaj parameter. The root cause is improper input validation, allowing arbitrary JavaScript to execute in a victim’s browser when a specially crafted URL is opened. A hotfix addressing affected versions was rele...