72 matches found
CVE-2024-29881
Removed by vendor...
PT-2024-23105
Name of the Vulnerable Software and Affected Versions TinyMCE versions prior to 6.8.1 TinyMCE versions prior to 7.0.0 Description A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed...
SUSE CVE-2010-0047
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors related to "HTML object element fallback content."...
SUSE CVE-2010-2768
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting XSS...
SUSE CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
GHSA-GG96-F8WR-P89F Script injection
Impact A malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limite...
CVE-2021-32661
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...
CVE-2021-32661
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...
Design/Logic Flaw
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...
CVE-2021-32661 TechDocs object element script injection
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...
Content-Security Policy (CSP) Bypas
firefox is vulnerable to content-security policy bypass. Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allows the execution of scripts that should have been blocked...
CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
Design/Logic Flaw
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
CVE-2020-12391
CVE-2020-12391 affects Firefox up to version 76. The issue is that documents formed using data: URLs in an OBJECT element do not inherit the CSP of the creating context, which can allow the execution of scripts that should be blocked, albeit with a unique opaque origin. The description explicitly...
CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...
UBUNTU-CVE-2020-12391
Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...