280 matches found
CVE-2024-31393
This CVE (CVE-2024-31393) affects Mozilla Firefox for iOS prior to version 124. The issue stems from insufficient input validation when dragging Javascript URLs into the address bar, which could cause the URL to load and bypass certain security protections. Affected component is the address bar h...
CVE-2024-31393
Dragging Javascript URLs to the address bar could cause them to be loaded, bypassing restrictions and security protections This vulnerability affects Firefox for iOS 124...
Code injection
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...
CVE-2024-27087 Kirby cross-site scripting (XSS) in the link field "Custom" type
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As th...
PT-2024-21639 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions prior to 4.1.1 Description: Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a...
PT-2024-21398 · Kirby Cms · Kirby Cms
Name of the Vulnerable Software and Affected Versions: Kirby CMS version 4.1.0 Description: A reflected self-XSS vulnerability was discovered in Kirby CMS via the URL parameter. This issue can be exploited when a user is tricked into executing malicious JavaScript code within their own context,...
Cross-site Scripting (XSS)
github.com/greenpau/caddy-security is vulnerable to Cross-site Scripting XSS via the Referer header. The vulnerability is due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for an attack...
GHSA-FF72-FF42-C3GW Cross-site Scripting in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
Cross-site Scripting in github.com/greenpau/caddy-security
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
Cross site scripting
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
CVE-2024-21496
All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS e.g., &, , ", ', it does not account for th...
PT-2024-18911 · Unknown · Caddy-Security
Name of the Vulnerable Software and Affected Versions: github.com/greenpau/caddy-security versions all Description: The issue is related to Cross-site Scripting XSS via the Referer header, caused by improper input sanitization. Although some characters are escaped to prevent XSS, the sanitization...
Hacking Microsoft and Wix with Keyboard Shortcuts
Browser vendors continuously tweak and refine browser functionalities to improve security. Implementing same-site cookies is a prime example of vendors’ efforts to mitigate Cross-Site Request Forgery CSRF attacks. However, not all security measures are foolproof. In their quest to combat Cross-Si...
CVE-2023-6210
When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects Firefox 120...
Cross-site Scripting (XSS)
Overview github.com/greenpau/caddy-security is a Security App and Plugin for Caddy v2. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that...
CVE-2023-37256
CVE-2023-37256 affects the MediaWiki Cargo extension up to 1.39.3, which permits storing javascript: URLs in URL fields and automatically linking them. Public details in connected advisories indicate remediation via upgrading MediaWiki to 1.39.5 or later (and 1.40.x to 1.40.1 or later). Exploitat...
MediaWiki 跨站脚本漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki version 1.39.3, which stems from an issue discovered...