12 matches found
Summarize's hover summary feature allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links
Summarize prior to 0.15.0 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to make authenticated daemon requests using stored tokens without verifying event trustworthines...
EUVD-2022-1509
Malicious code in bioql PyPI...
GHSA-2C6J-VW6R-MFCH Fiora chat group avatar is vulnerable to XSS via SVG files
File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject elements containing iframe tags and JavaScript event handlers onmouseover to be uploaded...
Cross-site Scripting (XSS)
org.jeecgframework.boot:jeecg-boot-base-core is vulnerable to cross-site scripting. The vulnerability exists in jeecg-boot/jmreport/view with a mouseover event, allowing an attacker to inject and execute malicious javascript...
Cross-site Scripting in jeecg-boot
jeecg-boot is a code generator. A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...
CVE-2021-44585
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...
Cross site scripting
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...
CVE-2021-44585
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event...
New critical vulnerability discovered in open-source office suites
A great number of attack techniques these days are using Microsoft Office documents to distribute malware. In recent years, there has been serious development on document exploit kit builders, not to mention the myriad of tricks that red-teamers have come up with to bypass security solutions. In...
Microsoft Internet Explorer 7 - Clickjacking
Microsoft Internet Explorer 7 - Clickjacking Application Name : Internet Explorer 7 Vulnerable Type : Clickjacking Author : UzmiX function updateboxevt mouseX=evt.pageX?evt.pageX:evt.clientX; mouseY=evt.pageY?evt.pageY:evt.clientY; document.getElementById'open'.style.left=mouseX-2;...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the chat client in IBM Lotus Sametime 7.5 and 7.5.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted message, which triggers code execution after a mouseover event initiated by the victim...
[NT] Microsoft Internet Explorer Drag-and-Drop Redeux
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ...