20 matches found
EUVD-2009-0081
Malware in sbrugna...
EUVD-2012-2559
Malware in sbrugna...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the data-iframeconfig attribute. An attacker can execute arbitrary JavaScript in the context of the affected site by injecting malicious attributes such as onload or onmouseenter through wikitext. Details...
Linux Distros Unpatched Vulnerability : CVE-2018-6561
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element. CVE-2018-6561 Note that Nessus relies on the presence of the package as...
CVE-2022-40011
Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim's origin...
GHSA-5GXC-FXCR-9326 convert-svg-core vulnerable to remote code injection
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...
CVE-2018-19919
Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...
CVE-2018-6506
Cross-Site Scripting (XSS) exists in the Add Forum feature in the Administrative Panel in miniBB 3.2.2 via crafted use of an onload attribute of an SVG element in the supertitle field...
miniBB Cross-Site Scripting Vulnerability
miniBB (full name Minimalistic Bulletin Board) is free, open source Internet forum software. The software supports a variety of forum styles, multiple interface languages, multiple time zones, plug-ins and extensions, etc. Administrative Panel is one of its administrative panels. A cross-site...
Dojo Toolkit Cross-Site Scripting Vulnerability
Dojo Toolkit is an open source DHTML toolkit from the Dojo Foundation, implemented in the JavaScript language. The toolkit makes it easy to build interactive user interfaces, and Dojo's extension packages can make the user's code easier to maintain, less coupled, etc. dijit.Editor is one of the WYSIWYG editor...
Cross site scripting
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
DEBIAN-CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
CVE-2018-6561
dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...
Khan Academy: XSS through document projects
Hello, I'm Ethan Luis McDonough @elmt2 on Khan Academy, and I found a way to inject scripts into document projects. Since KA document projects output HTML, I can edit the PUT request that updates projects https://www.khanacademy.org/api/internal/scratchpads/ID and inject JavaScript code inside an...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE...
Microsoft IE screen[""] Remote Denial of Service Vulnerability
BUGTRAQ ID: 33149 CVECAN ID: CVE-2009-0072 Internet Explorer is the web browser bundled by default with the Windows operating system. If a user opens, in Internet Explorer, a web page whose BODY element sets the attribute value onload=screen"", the browser crashes. Microsoft Internet Explorer 8 beta 2 Microsoft Internet Explorer 8 beta 1 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 Vendor patch...
PT-2009-2774 · Microsoft · Internet Explorer
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6.0 through 8.0 beta2 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by using an onload attribute with a specific value,...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element...
CVE-2007-1161
Cross-site scripting (XSS) vulnerability in callentry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problemdesc parameter, as demonstrated by the ONLOAD attribute of a BODY element...