CVE-2019-12308
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...
UBUNTU-CVE-2019-12308
An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9, and 2.2 before 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provid...
PT-2019-4622 · Django Software Foundation +3 · Django +3
Name of the Vulnerable Software and Affected Versions: Django versions 1.11 through 1.11.20; Django versions 2.1 through 2.1.8; Django versions 2.2 through 2.2.1. Description: The issue is related to the AdminURLFieldWidget function in the Django web development framework, which is associated with...
DEBIAN-CVE-2017-14735
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of to construct a javascript: URL...
Apple OS X Messages Information Disclosure Vulnerability
Apple OS X is a specialized operating system developed by Apple Inc. for Mac computers. Messages is a component of the application used to send text, photos and videos. A security vulnerability exists in Messages in Apple OS X versions prior to 10.11.4. The vulnerability can be exploited by an...
DEBIAN-CVE-2012-4751
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC...
firefox, xulrunner security update
CentOS Errata and Security Advisory CESA-2012:0387 Updated firefox packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability...
about:blank windows
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via a the...
security flaw
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 1.5.0.4 allows user-assisted remote attackers to inject arbitrary web script or HTML by tricking a user into (1) performing a "View Image" on a broken image in which the SRC attribute contains a Javascript URL, or (2) selecting "Show on...
security flaw
The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...
security flaw
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" in Firefox or "Set as Background" in Netscape context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewallin...
Eudora 6.0.3 Attachment Spoofing Exploit (windows)
Exploit for unknown platform in category remote exploits ================================================== Eudora 6.0.3 Attachment Spoofing Exploit (windows) ================================================== #!/usr/bin/perl -- use MIME::Base64; print "From: me\n"; print "To: you\n"; print "Subject...