GHSA-PCFX-G2J2-F6F6 Docassemble HTML and javascript injection

Impact A user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The HTML can also contain tags allowing JavaScript to execute on the page. Patches The vulnerability has been patched in version 1.4.97 of the master...

Docassemble HTML and javascript injection

Impact A user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The HTML can also contain tags allowing JavaScript to execute on the page. Patches The vulnerability has been patched in version 1.4.97 of the master...

CVE-2024-27087 Kirby cross-site scripting (XSS) in the link field "Custom" type

Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...

Cross site scripting

A DOM based cross-site scripting XSS vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL...

Cross site scripting

A DOM based cross-site scripting XSS vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL...

PT-2024-21386 · Unknown · Web-Platform-Tests

Name of the Vulnerable Software and Affected Versions: web-platform-tests/wpt versions before commit 938e843 Description: A DOM based cross-site scripting XSS issue in the component /dom/ranges/Range-test-iframe.html allows attackers to execute arbitrary Javascript via sending a crafted URL...

GHSA-RC6H-QWJ9-2C53 Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...

Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed JavaScript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...

CVE-2024-23320

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...

Input validation

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This...

Apache DolphinScheduler 输入验证错误漏洞

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. An input validation error vulnerability exists in Apache DolphinScheduler versions prior to 3.2.1, which stems from the presence of incorrect...

CVE-2024-26282

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

Race condition

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

Information disclosure

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

CVE-2024-26281

Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS 123...

CVE-2024-26282

CVE-2024-26282 affects Firefox for iOS prior to version 123. A cross-site scripting vector exists when using an AMP URL with a canonical element: an attacker could execute JavaScript from an opened bookmarked page, potentially compromising cookies and site integrity. Root cause involves AMP URL h...

CVE-2024-26282

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

CVE-2024-26282

Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS 123...

CVE-2024-1563

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS 122...

CKEditor cross-site scripting vulnerability (CNVD-2024-09868)

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to bypass the advanced content filtering mechanism to inject incorrectly formatted...