5000 matches found

Tenable Nessus
added 2020/02/27 12:0 a.m., 242 views

CentOS 7 : thunderbird (RHSA-2020:0576)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0576 advisory. - When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects...

CVSS 8.8, AI score 7.6, EPSS 0.01279
Exploits 1, References 7

CentOS
added 2020/02/26 5:15 p.m., 126 views

thunderbird security update

CentOS Errata and Security Advisory CESA-2020:0576. An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 8.8, AI score 6.5, EPSS 0.01279
Exploits 1, References 7

Prion
added 2020/02/26 3:15 p.m., 15 views

Input validation

The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of ...

CVSS 4.3, AI score 6, EPSS 0.17251
Exploits 2, References 4, Affected Software 1

Tenable Nessus
added 2020/02/26 12:0 a.m., 31 views

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200224)

Security Fixes : Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 CVE-2020-6800 Mozilla: Out-of-bounds read when processing certain email messages CVE-2020-6793 Mozilla: Setting a master password post-Thunderbird 52 does not delete unencrypted previously stored passwords...

CVSS 8.8, AI score 7.2, EPSS 0.01279
Exploits 1, References 7

CNVD
added 2020/02/26 12:0 a.m., 2 views

Envira Photo Gallery Cross-Site Scripting Vulnerability

WordPress plugin Envira Photo Gallery is a gallery plugin. A cross-site scripting vulnerability exists in Envira Photo Gallery 1.7.6 and earlier versions. An attacker can exploit this vulnerability to inject arbitrary JavaScript code that is viewed by another user...

CVSS 5.4, AI score 6.3, EPSS 0.0048
Exploits 0, References 1

OSV
added 2020/02/25 5:15 p.m., 3 views

CVE-2020-9335

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 for WordPress. Successful exploitation of this vulnerability would allow an authenticated admin user to inject arbitrary JavaScript code that is viewed by other users...

CVSS 4.8, AI score 6, EPSS 0.00549
Exploits 0, References 2

OSV
added 2020/02/25 5:15 p.m., 1 view

CVE-2020-9334

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users...

CVSS 5.4, AI score 6.2, EPSS 0.0048
Exploits 0, References 2

Veracode
added 2020/02/25 4:56 a.m., 13 views

Cross-Site Scripting (XSS)

discord-markdown is vulnerable to cross-site scripting (XSS). The markdown is not properly sanitized, allowing injection of arbitrary JavaScript into any website using discord-markdown with user-generated markdown...

AI score 1.5
Exploits 0

Tenable Nessus
added 2020/02/25 12:0 a.m., 39 views

RHEL 7 : thunderbird (RHSA-2020:0576)

The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0576 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Security Fixes: Mozilla:...

CVSS 8.8, AI score 7.5, EPSS 0.01279
Exploits 1, References 15

RedHat Linux
added 2020/02/24 12:53 p.m., 1 view

Mozilla: Incorrect parsing of template tag could result in JavaScript injection

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

CVSS 6.1, AI score 7.2, EPSS 0.01279
Exploits 0, References 5

RedHat Linux
added 2020/02/24 12:53 p.m., 70 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.8, AI score 6.5, EPSS 0.01279
Exploits 1, References 8

RedHat Linux
added 2020/02/24 12:36 p.m., 84 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.8, AI score 6.5, EPSS 0.01279
Exploits 1, References 8

RedHat Linux
added 2020/02/24 12:18 p.m., 69 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 8.8, AI score 6.5, EPSS 0.01279
Exploits 1, References 8

RedHat Linux
added 2020/02/24 12:18 p.m., 1 view

Mozilla: Incorrect parsing of template tag could result in JavaScript injection

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

CVSS 6.1, AI score 7.2, EPSS 0.01279
Exploits 0, References 5

OSV
added 2020/02/24 12:8 p.m., 3 views

SUSE-SU-2020:14290-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox was updated to version 68.5.0 ESR bsc1163368. Security issues fixed: - CVE-2020-6796: Fixed a missing bounds check on shared memory in the parent process bsc1163368. - CVE-2020-6798: Fixed a JavaScript code injection issue caused ...

CVSS 8.8, AI score 8.6, EPSS 0.01279
Exploits 0, References 8

Tenable Nessus
added 2020/02/24 12:0 a.m., 32 views

RHEL 8 : thunderbird (RHSA-2020:0565)

The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0565 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0. Security Fixes: Mozilla:...

CVSS 8.8, AI score 7.5, EPSS 0.01279
Exploits 1, References 15

RedHat Linux
added 2020/02/20 10:17 p.m., 97 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 8.8, AI score 6.5, EPSS 0.01279
Exploits 1, References 8

RedHat Linux
added 2020/02/20 10:17 p.m., 1 view

Mozilla: Incorrect parsing of template tag could result in JavaScript injection

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

CVSS 6.1, AI score 7.2, EPSS 0.01279
Exploits 0, References 5

HackerOne
added 2020/02/19 4:16 p.m., 29 views

PayPal: Reflect XSS and CSP Bypass on https://www.paypal.com/businesswallet/currencyConverter/

An endpoint used for currency conversion was found to suffer from a reflected XSS vulnerability, where user input was not being properly sanitized in a parameter in the URL. This could lead to a malicious user injecting malicious JavaScript, HTML, or any other type of code that the browser may...

AI score 6.4
Exploits 0

RedHat Linux
added 2020/02/18 3:55 p.m., 0 views

Mozilla: Incorrect parsing of template tag could result in JavaScript injection

If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be...

CVSS 6.1, AI score 7.2, EPSS 0.01279
Exploits 0, References 5