40 matches found
Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...
EUVD-2026-19889
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements.This issue affects...
CVE-2026-39840
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39840 CSS injection in multiple Cargo display formats
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows XSS Targeting Non-Script Elements.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
CVE-2026-39838 ProofreadPage improperly sanitizes multiline styles using Sanitizer::checkCSS
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements. The issue has been remediated on the master branch, and in the release branches for MediaWiki...
CVE-2026-39838
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements.This issue affects...
PT-2026-30991
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows XSS Targeting Non-Script Elements.This issue affects...
Dolibarr 安全漏洞
Dolibarr is an open-source application developed by Dolibarr developers. It helps manage activities within user organizations. Dolibarr versions 22.0.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a local file inclusion vulnerability in the core AJAX...
CVE-2023-23756
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements...
PT-2024-30559 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 14.10.21 XWiki Platform versions prior to 15.5.5 XWiki Platform versions prior to 15.10.6 XWiki Platform versions prior to 16.0.0 Description: The issue allows a user without Script or Programming rights to...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...
Mozilla: Cross-origin responses could be distinguished between script and non-script content-types
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...