Lucene search
K

149 matches found

Positive Technologies
Positive Technologies
added 2022/08/11 12:0 a.m.6 views

PT-2022-23767 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 Description: The issue concerns a reflected XSS in the /h/search?action API endpoint, which accepts parameters called extra, title, and onload that are partially sanitized. This allows for the...

6.1CVSS6.2AI score0.00407EPSS
Exploits0References6
OSV
OSV
added 2022/07/23 12:0 a.m.13 views

GHSA-5GXC-FXCR-9326 convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

9.8CVSS9.9AI score0.09204EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/17 5:48 a.m.32 views

Mako contains Cross-site Scripting vulnerability

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting XSS protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...

4.3CVSS3.7AI score0.01809EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/05/14 3:44 a.m.4 views

GHSA-WP32-WQ34-2RQH dijit editor cross-site scripting vulnerability

dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute of an SVG element...

6.1CVSS6.8AI score0.0115EPSS
Exploits1References4
NVD
NVD
added 2020/10/01 7:15 p.m.11 views

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

6.1CVSS0.01594EPSS
Exploits0References9
OSV
OSV
added 2020/10/01 7:15 p.m.7 views

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

6.1CVSS8AI score
Exploits0References9
Prion
Prion
added 2020/10/01 7:15 p.m.23 views

Design/Logic Flaw

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

4.3CVSS6.2AI score0.01594EPSS
Exploits0References9Affected Software5
RedHat Linux
RedHat Linux
added 2020/10/01 1:22 p.m.3 views

Mozilla: XSS when pasting attacker-controlled data into a contenteditable element

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1CVSS7.3AI score0.01594EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/10/01 1:15 p.m.5 views

Mozilla: XSS when pasting attacker-controlled data into a contenteditable element

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1CVSS7.3AI score0.01594EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/30 6:42 a.m.7 views

Mozilla: XSS when pasting attacker-controlled data into a contenteditable element

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1CVSS7.3AI score0.01594EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2020/09/25 12:0 a.m.29 views

CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

6.1CVSS6.9AI score0.01594EPSS
Exploits0References5
OSV
OSV
added 2020/09/25 12:0 a.m.1 views

UBUNTU-CVE-2020-15676

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox 81, Thunderbird 78.3, and Firefox ESR 78.3...

6.1CVSS6.9AI score0.01961EPSS
Exploits0References6
Veracode
Veracode
added 2020/09/24 10:29 a.m.26 views

Cross-site Scripting (XSS)

Firefox is vulnerable to cross-site scripting XSS. It sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1CVSS1AI score0.01594EPSS
Exploits0References10Affected Software8
RedHat Linux
RedHat Linux
added 2020/09/24 10:19 a.m.4 views

Mozilla: XSS when pasting attacker-controlled data into a contenteditable element

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1CVSS7.3AI score0.01594EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/09/24 9:55 a.m.4 views

Mozilla: XSS when pasting attacker-controlled data into a contenteditable element

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1CVSS7.3AI score0.01594EPSS
Exploits0References5
wpexploit
wpexploit
added 2019/07/05 12:0 a.m.10 views

Gallery Photoblocks < 1.1.41 - Unauthenticated Reflected XSS

Also Full Path Disclosure depending on the configuration of the server https:///wp-content/plugins/photoblocks-grid-gallery/admin/partials/photoblocks-edit.php?id="...

1.1AI score
Exploits0References1
Veracode
Veracode
added 2019/05/14 4:54 a.m.14 views

Cross-site Scripting (XSS)

simditor is vulnerable to cross-site scripting XSS. The attack can be triggered because it does not sanitize the DOM object properly, allowing an attacker to inject arbitrary Javascript within a malicious SVG element into a victim's browser via the onload parameter...

6.1CVSS5.9AI score0.01537EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2019/05/13 1:13 p.m.49 views

CVE-2018-19048

Simditor up to version 2.3.21 is affected by a DOM XSS (attackable via an onload attribute in a malformed SVG element). The underlying issue is improper handling/sanitization of SVG onload events, enabling injection of arbitrary JavaScript in the user’s browser. Mitigation: upgrade to version 2.3...

6.1CVSS5.9AI score0.01537EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/02/05 12:0 a.m.6 views

The vulnerability of the dijit.Editor text editor module library simplifies the development of JavaScript- or AJAX-based applications and websites using the Dojo Toolkit. This vulnerability allows attackers to perform cross-site scripting attacks.

The vulnerability of dijit.Editor, a text editor that is part of the modular library for simplifying the development of JavaScript- or AJAX-based applications and Dojo Toolkit websites, is related to the unsafe use of the onload attribute for SVG elements. Exploiting this vulnerability could allo...

6.1CVSS6AI score0.0115EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2018/12/06 8:29 p.m.20 views

CVE-2018-19919

Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php datatitle parameter, as demonstrated by a crafted onload attribute of an SVG element...

4.8CVSS5.8AI score
Exploits0References1
Rows per page
Query Builder