
5962 matches found

Debian CVE
added 2024/05/14 5:21 p.m. · 37 views

CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11...

CVSS 8.8 · AI score 9 · EPSS 0.72648
Exploits 15

Veracode
added 2024/05/14 5:56 a.m. · 17 views

Cross-Site Scripting

mantisbt/mantisbt is vulnerable to Cross-Site Scripting. The vulnerability is due to improper user input sanitization of the custom field's name, allowing attackers to inject HTML and potentially execute arbitrary JavaScript in certain scenarios...

CVSS 6.6 · AI score 7.3 · EPSS 0.00642
Exploits 0 · References 4 · Affected Software 1

Tenable Nessus
added 2024/05/14 12:00 a.m. · 25 views

Slackware Linux 15.0 / current mozilla-firefox Multiple Vulnerabilities (SSA:2024-135-01)

The version of mozilla-firefox installed on the remote host is prior to 115.11.0esr / 126.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-135-01 advisory. - A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript...

CVSS 8.8 · AI score 8.2 · EPSS 0.72648
Exploits 18 · References 7

OSV
added 2024/05/13 4:00 p.m. · 43 views

GHSA-WGX7-JP56-65MQ Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting

Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when: - resolving or closing issues (bugchangestatuspage.php) belonging to a project linking said custom field - viewing issues (viewallbugpage.php) when...

CVSS 6.6 · AI score 5.2 · EPSS 0.00642
Exploits 0 · References 5

OSV
added 2024/05/13 3:40 p.m. · 27 views

CVE-2024-34081 MantisBT Cross-site Scripting vulnerability

MantisBT (Mantis Bug Tracker) is an open source issue tracker. Improper escaping of a custom field's name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when resolving or closing issues (bugchangestatuspage.php) belonging to a project linking...

CVSS 6.6 · AI score 6.7 · EPSS 0.00642
Exploits 0 · References 5

CNVD
added 2024/05/10 12:00 a.m. · 10 views

F5 BIG-IP Configuration Utility Cross-Site Scripting Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility that can be exploited by an attacker to run...

CVSS 8 · AI score 6 · EPSS 0.00582
Exploits 0 · References 1

CNVD
added 2024/05/10 12:00 a.m. · 5 views

F5 BIG-IP Configuration Utility Cross-Site Scripting Vulnerability (CNVD-2024-22215)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility that can be exploited by an attacker to run...

CVSS 6.1 · AI score 6.1 · EPSS 0.00314
Exploits 0 · References 1

OSV
added 2024/05/08 3:15 p.m. · 3 views

CVE-2024-33604

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.1 · AI score 5.7 · EPSS 0.00314
Exploits 0 · References 1

NVD
added 2024/05/08 3:15 p.m. · 15 views

CVE-2024-33604

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 6.1 · AI score 6 · EPSS 0.00314
Exploits 0 · References 1

Positive Technologies
added 2024/05/08 12:00 a.m. · 4 views

PT-2024-25370 · F5 · Big-Ip

Name of the Vulnerable Software and Affected Versions: BIG-IP (affected versions not specified). Description: A reflected cross-site scripting (XSS) issue exists in an undisclosed page of the BIG-IP Configuration utility. This allows an attacker to run JavaScript in the context of the currently...

CVSS 6.1 · AI score 5.8 · EPSS 0.00314
Exploits 0 · References 4

CNNVD
added 2024/05/08 12:00 a.m. · 3 views

F5 BIG-IP Security Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the F5 BIG-IP configuration utility that can be exploited by an attacker to run...

CVSS 6.1 · AI score 6 · EPSS 0.00314
Exploits 0 · References 2

OSV
added 2024/05/07 4:48 p.m. · 157 views

GHSA-87HQ-Q4GP-9WR4 react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js

Summary: If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. Patches: This patch forces isEvalSupported to false, removing...

CVSS 7.1 · AI score 7.7 · EPSS 0.01064
Exploits 1 · References 8

Cvelist
added 2024/05/07 2:29 p.m. · 122 views

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

CVSS 7.1 · AI score 6.9 · EPSS 0.01064
Exploits 1 · References 6

Vulnrichment
added 2024/05/07 2:29 p.m. · 32 views

CVE-2024-34342 react-pdf's PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in...

CVSS 7.1 · AI score 6.7 · EPSS 0.01064
Exploits 1 · References 6

CVE
added 2024/05/07 2:29 p.m. · 248 views

CVE-2024-34342

This CVE affects the react-pdf library (PDF.js integration). When PDF.js loads a malicious PDF and isEvalSupported is true (default), attacker-controlled JavaScript can run in the hosting domain’s context. The vulnerability is fixed in PDF.js when updated to versions 7.7.3 or 8.0.2, and react-pdf...

CVSS 7.1 · AI score 6.3 · EPSS 0.01064
Exploits 1 · References 6

CNNVD
added 2024/05/07 12:00 a.m. · 7 views

React-PDF Security Vulnerability

React-PDF is an application by individual developer Wojciech Maj. A security vulnerability exists in react-pdf. An attacker exploiting this vulnerability could execute JavaScript code...

CVSS 7.1 · AI score 6.8 · EPSS 0.01064
Exploits 1 · References 7

Cvelist
added 2024/05/02 1:58 p.m. · 27 views

CVE-2024-34061 Reflected cross site scripting in changedetection.io

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions, input in the parameter notification_urls is not processed, resulting in JavaScript execution in the application. A reflected XSS vulnerability happens when...

CVSS 4.3 · AI score 4.7 · EPSS 0.01281
Exploits 0 · References 2

CVE
added 2024/05/02 1:58 p.m. · 78 views

CVE-2024-34061

CVE-2024-34061 – Changedetection.io is affected in versions prior to 0.45.22. A reflected Cross‑Site Scripting (XSS) vulnerability arises because input in the notification_urls parameter is not properly sanitized and is reflected on the page, enabling injection of malicious JavaScript. The CVSS v...

CVSS 4.3 · AI score 5.9 · EPSS 0.01281
Exploits 0 · References 2

OSV
added 2024/05/02 1:58 p.m. · 24 views

CVE-2024-34061 Reflected cross site scripting in changedetection.io

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. In affected versions, input in the parameter notification_urls is not processed, resulting in JavaScript execution in the application. A reflected XSS vulnerability happens when...

CVSS 4.3 · AI score 4.7 · EPSS 0.01281
Exploits 0 · References 4

Veracode
added 2024/05/02 6:03 a.m. · 20 views

Cross Site Scripting (XSS)

phlex is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to insufficient sanitization of user-provided data in HTML attributes. If an application renders an <a> tag with an href attribute that's set to a user-provided link, arbitrary JavaScript execution may occur due to overly...

CVSS 7.1 · AI score 6.3 · EPSS 0.00713
Exploits 0 · References 6 · Affected Software 1