33 matches found

Vulnrichment
added 2 days ago | 5 views

CVE-2026-40986 Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...

CVSS 4.8 | AI score 5.3 | EPSS 0.0003
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux - vulnerability in rails

An XSS vulnerability exists in Action Pack versions = 5.2.0 and 5.2.0, which could allow an attacker to bypass the Content Security Policy and generate non-HTML responses...

CVSS 6.1 | AI score 6 | EPSS 0.00405
Exploits: 0 | References: 1
Cvelist
added 2025/11/03 4:35 p.m. | 10 views

CVE-2025-10280 Incorrect Content Type Cross-Site Scripting Vulnerability

IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allows some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML allowing a...

CVSS 7.1 | EPSS 0.00029
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/03 12:0 a.m. | 4 views

PT-2025-44786

Name of the Vulnerable Software and Affected Versions: IdentityIQ versions 8.5, IdentityIQ versions 8.4 through 8.4p3, IdentityIQ versions 8.3 through 8.3p5, versions prior to 8.3p6. Description: The software allows certain web services providing non-HTML content to be accessed through a URL that...

CVSS 7.1 | AI score 6 | EPSS 0.00029
Exploits: 0 | References: 4
CNVD
added 2025/10/30 12:0 a.m. | 3 views

Mozilla Firefox for iOS Information Disclosure Vulnerability

Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. An information disclosure vulnerability exists in Mozilla Firefox for iOS, which is caused due to incorrect sharing of cookie storage for non-HTML temporary documents with normal browsing content...

CVSS 4 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-17873

Malware in sbrugna...

CVSS 5.8 | AI score 7.4 | EPSS 0.00909
Exploits: 0 | References: 10
OSV
added 2025/09/30 1:15 p.m. | 2 views

CVE-2025-10859

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability affects Firefox for iOS 143.1...

CVSS 4 | AI score 5.8
Exploits: 0 | References: 2
NVD
added 2025/09/30 1:15 p.m. | 2 views

CVE-2025-10859

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1...

CVSS 4 | EPSS 0.00019
Exploits: 0 | References: 2
ATTACKERKB
added 2025/09/30 12:49 p.m. | 0 views

CVE-2025-10859

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1...

CVSS 4 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 3
Vulnrichment
added 2025/09/30 12:49 p.m. | 1 views

CVE-2025-10859 Data stored in cookies for non-HTML content while browsing Incognito could be viewed after closing private tabs

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1...

AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 2
Debian CVE
added 2025/09/30 12:49 p.m. | 5 views

CVE-2025-10859

Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed all tabs. This vulnerability was fixed in Firefox for iOS 143.1...

CVSS 4 | AI score 5.2 | EPSS 0.00019
Exploits: 0
Positive Technologies
added 2025/09/30 12:0 a.m. | 3 views

PT-2025-39982

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 143.1. Description: A flaw existed in how Firefox for iOS handled cookie storage for non-HTML temporary documents. This resulted in incorrect sharing of cookie storage between non-HTML temporary documents and...

CVSS 4 | AI score 6.1 | EPSS 0.00019
Exploits: 0 | References: 5
Tenable Nessus
added 2025/08/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-22577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS Vulnerability in Action Pack = 5.2.0 and = 5.2.0 and 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. CVE-2022-22577 Note th...

CVSS 6.1 | AI score 6.2 | EPSS 0.00405
Exploits: 0 | References: 2
Veracode
added 2024/06/06 4:50 a.m. | 20 views

Improper Input Validation

actionpack is vulnerable to Improper Input Validation. The vulnerability is due to improper handling of security headers for non-HTML content types, which allows an attacker to potentially bypass security restrictions by sending specially crafted requests that exploit the lack of these security...

CVSS 9.8 | AI score 5.5 | EPSS 0.00832
Exploits: 0 | References: 8 | Affected Software: 1
SUSE CVE
added 2024/06/06 2:12 a.m. | 1 views

SUSE CVE-2024-28103

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

CVSS 5.3 | AI score 5.4 | EPSS 0.00832
Exploits: 0 | References: 8
OSV
added 2024/06/04 10:26 p.m. | 38 views

GHSA-FWHR-88QX-H9G7 Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type. The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

CVSS 5.4 | AI score 7.2 | EPSS 0.00832
Exploits: 0 | References: 6
Snyk
added 2024/06/04 8:41 p.m. | 2 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation due to the improper handling of security headers for non-HTML content types. An attacker can potentially exploit this to bypass security restrictions by sending specially crafted requests that exploit the lack ...

CVSS 9.8 | AI score 6.9 | EPSS 0.00832
Exploits: 0 | References: 2
Vulnrichment
added 2024/06/04 7:47 p.m. | 29 views

CVE-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

CVSS 5.4 | AI score 6.4 | EPSS 0.00832
Exploits: 0 | References: 2
Cvelist
added 2024/06/04 7:47 p.m. | 37 views

CVE-2024-28103 Action Pack is missing security headers on non-HTML responses

Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3...

CVSS 5.4 | AI score 5.2 | EPSS 0.00832
Exploits: 0 | References: 2
RubySec
added 2024/06/04 12:0 a.m. | 32 views

Missing security headers in Action Pack on non-HTML responses

Permissions-Policy is Only Served on HTML Content-Type. The application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This has been assigned the CVE identifier CVE-2024-28103. Versions Affected: = 6.1.0 Not affected: 6.1.0 Fixed Versions: 6.1.7.8,...

CVSS 9.8 | AI score 5.3 | EPSS 0.00832
Exploits: 0 | References: 1 | Affected Software: 1