Lucene search
K

72 matches found

Debian CVE
Debian CVE
added 2024/03/26 1:31 p.m.21 views

CVE-2024-29881

Removed by vendor...

6.1CVSS5.1AI score0.00722EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.5 views

PT-2024-23105

Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...

6.1CVSS6.2AI score0.00722EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.5 views

SUSE CVE-2010-0047

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to "HTML object element fallback content."...

9.3CVSS7.8AI score0.0504EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:58 a.m.4 views

SUSE CVE-2010-2768

Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting XSS...

4.3CVSS8.2AI score0.02107EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.2 views

SUSE CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS8.6AI score0.01351EPSS
Exploits0References4
OSV
OSV
added 2021/06/04 7:9 p.m.23 views

GHSA-GG96-F8WR-P89F Script injection

Impact A malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limite...

6.8CVSS7.1AI score0.01209EPSS
Exploits0References4
NVD
NVD
added 2021/06/03 6:15 p.m.20 views

CVE-2021-32661

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

7.3CVSS0.01209EPSS
Exploits0References3
OSV
OSV
added 2021/06/03 6:15 p.m.14 views

CVE-2021-32661

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

7.3CVSS7.2AI score
Exploits0References3
Prion
Prion
added 2021/06/03 6:15 p.m.18 views

Design/Logic Flaw

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

4.9CVSS7.1AI score0.01209EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/06/03 5:25 p.m.26 views

CVE-2021-32661 TechDocs object element script injection

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

6.8CVSS7.3AI score0.01209EPSS
Exploits0References3
Veracode
Veracode
added 2021/04/29 11:56 a.m.25 views

Content-Security Policy (CSP) Bypas

firefox is vulnerable to content-security policy bypass. Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allows the execution of scripts that should have been blocked...

7.5CVSS1.9AI score0.01351EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2020/05/26 6:15 p.m.18 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS7.9AI score0.01351EPSS
Exploits0References2
OSV
OSV
added 2020/05/26 6:15 p.m.2 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS7.3AI score0.01351EPSS
Exploits0References2
Prion
Prion
added 2020/05/26 6:15 p.m.25 views

Design/Logic Flaw

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

5CVSS7.3AI score0.01351EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2020/05/26 5:2 p.m.43 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS8AI score0.01351EPSS
Exploits0
Cvelist
Cvelist
added 2020/05/26 5:2 p.m.31 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.9AI score0.01351EPSS
Exploits0References2
CVE
CVE
added 2020/05/26 5:2 p.m.183 views

CVE-2020-12391

CVE-2020-12391 affects Firefox up to version 76. The issue is that documents formed using data: URLs in an OBJECT element do not inherit the CSP of the creating context, which can allow the execution of scripts that should be blocked, albeit with a unique opaque origin. The description explicitly...

7.5CVSS7.8AI score0.01351EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2020/05/26 5:2 p.m.33 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS8.9AI score0.01351EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2020/05/07 12:0 a.m.20 views

CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS7.3AI score0.01351EPSS
Exploits0References3
OSV
OSV
added 2020/05/07 12:0 a.m.1 views

UBUNTU-CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS7.4AI score0.01351EPSS
Exploits0References4
Rows per page
Query Builder