4 matches found
CVE-2023-49293 Cross-site Scripting in `server.transformIndexHtml` via URL payload in vite
Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via server.transformIndexHtml, the original request URL is passed in unmodified, and the html being transformed contains inline module scripts ..., it is possible to inject arbitrary HTML into the transforme...
Fedora 33 : seamonkey (2021-2761b54dff)
The remote Fedora 33 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-2761b54dff advisory. - Fix updating and support of legacy javascript extensions. ---- Update to 2.53.7 Enable support for module scripts. To turn it off, toggle...
Fedora 32 : seamonkey (2021-4b0a8b8629)
The remote Fedora 32 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2021-4b0a8b8629 advisory. - Appled all the changes from the upstream 2.53.7.1 update. Fixed tab opening in background and tab choosing on a tab close. ---- Fix updating and support of...
httpd: privilege escalation from modules scripts
A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process usually root. An attacker having access to run arbitrary scripts on the web server PHP, CGI etc could use this flaw to run code on the...