5956 matches found

OSV
added 2021/08/18 1:15 a.m., 16 views

CVE-2021-39267

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution such...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 3
Cvelist
added 2021/08/18 12:30 a.m., 19 views

CVE-2021-39267

Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution such...

AI score 6.3 | EPSS 0.01969
Exploits: 1 | References: 3
Huntr
added 2021/08/13 2:52 p.m., 10 views

Cross-site Scripting (XSS) - Stored in ampache/ampache

✍️ Description This is a stored XSS in the mp3 management library. 🕵️‍♂️ Proof of Concept 1. Edit meta data with Audacity: 2. Create a new playlist that contains this file. 3. Open "Album" 1 under "Search" menu then click "Search" 2: 💥 Impact By uploading an mp3 with javascript code into meta tag...

AI score 1.2
Exploits: 0
OSV
added 2021/08/13 12:15 a.m., 3 views

DEBIAN-CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

CVSS 5.4 | AI score 6.2 | EPSS 0.01324
Exploits: 0 | References: 1
ATTACKERKB
added 2021/08/13 12:15 a.m., 4 views

CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

CVSS 7.3 | AI score 5.4 | EPSS 0.01324
Exploits: 0 | References: 12 | Affected Software: 1
OSV
added 2021/08/13 12:15 a.m., 1 views

UBUNTU-CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

CVSS 7.3 | AI score 6.5 | EPSS 0.01324
Exploits: 0 | References: 6
CVE
added 2021/08/12 11:10 p.m., 332 views

CVE-2021-37695

CKEditor 4 vulnerability CVE-2021-37695 involves the Fake Objects addon. The issue allows injection of malformed Fake Objects HTML that can lead to JavaScript execution in affected CKEditor 4 plugins when used at versions prior to 4.16.2. Public references in connected documents confirm the affec...

CVSS 7.3 | AI score 6 | EPSS 0.01324
Exploits: 0 | References: 8 | Affected Software: 1
Cvelist
added 2021/08/12 11:10 p.m., 24 views

CVE-2021-37695 Execution of JavaScript code using malformed HTML in ckeditor

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 Fake Objects package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using...

CVSS 7.3 | AI score 6.7 | EPSS 0.01324
Exploits: 0 | References: 8
NVD
added 2021/08/12 9:15 p.m., 49 views

CVE-2021-37700

@github/paste-markdown is an npm package for pasting markdown objects. A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown before version 0.3.4. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its...

CVSS 6.5 | EPSS 0.0166
Exploits: 1 | References: 4
CVE
added 2021/08/12 8:45 p.m., 91 views

CVE-2021-37700

The CVE-2021-37700 issue affects the npm package @github/paste-markdown. Root cause: when clipboard HTML contains a tag, the code creates a div and assigns the clipboard content to its innerHTML without sanitization, enabling DOM-based XSS in the victim’s browser. Affected version before 0.3.4; ...

CVSS 6.5 | AI score 6.1 | EPSS 0.0166
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2021/08/12 8:42 p.m., 20 views

GHSA-GPFJ-4J6G-C4W9 Clipboard-based DOM-XSS

Impact A self Cross-Site Scripting vulnerability exists in the @github/paste-markdown library. If the clipboard data contains the string , a div is dynamically created, and the clipboard content is copied into its innerHTML property without any sanitization, resulting in improper execution of...

CVSS 6.5 | AI score 6.2 | EPSS 0.0166
Exploits: 1 | References: 6
OSV
added 2021/08/12 5:15 p.m., 1 views

DEBIAN-CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 5.4 | AI score 6.2 | EPSS 0.01192
Exploits: 0 | References: 1
OSV
added 2021/08/12 5:15 p.m., 0 views

UBUNTU-CVE-2021-32808

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

CVSS 7.6 | AI score 6.6 | EPSS 0.01192
Exploits: 0 | References: 5
CNNVD
added 2021/08/12 12:0 a.m., 3 views

CKEditor cross-site scripting vulnerability

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor that allows injection of malformed fake object HTML, which could lead to the execution of JavaScript code...

CVSS 7.3 | AI score 6.4 | EPSS 0.01324
Exploits: 0 | References: 17
OSV
added 2021/08/06 9:33 a.m., 8 views

MGASA-2021-0390 Updated rabbitmq-server packages fix security vulnerabilities

Updated rabbitmq-server packages fix security vulnerabilities: RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP...

CVSS 7.5 | AI score 5.7 | EPSS 0.01437
Exploits: 2 | References: 2
OSV
added 2021/08/03 1:15 p.m., 21 views

CVE-2021-37833

A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...

CVSS 6.1 | AI score 5.8 | EPSS 0.04878
Exploits: 1 | References: 2
OSV
added 2021/08/03 1:15 p.m., 2 views

DEBIAN-CVE-2021-37833

A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...

CVSS 6.1 | AI score 6.2 | EPSS 0.04878
Exploits: 1 | References: 1
OSV
added 2021/08/03 1:15 p.m., 2 views

UBUNTU-CVE-2021-37833

A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands...

CVSS 6.1 | AI score 6.5 | EPSS 0.04878
Exploits: 1 | References: 4
NVD
added 2021/08/02 9:15 p.m., 14 views

CVE-2021-29979

Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow JavaScript execution in the Hub Cloud instance’s primary hosting domain. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...

CVSS 6.1 | EPSS 0.00668
Exploits: 0 | References: 2
Prion
added 2021/08/02 9:15 p.m., 18 views

Information disclosure

Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow JavaScript execution in the Hub Cloud instance’s primary hosting domain. This vulnerability affects Hubs Cloud mozillareality/reticulum/1.0.1/20210618012634...

CVSS 4.3 | AI score 6 | EPSS 0.00668
Exploits: 0 | References: 2