21 matches found

Snyk
added 2025/05/08 2:48 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: org.webjars.bowergithub.basecamp:trix is a Rich Text Editor. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the copy and paste functionality. An attacker can execute arbitrary JavaScript code within the user's session by tricking a user into pasting...

CVSS 6.1 · AI score 5.3 · EPSS 0.0035
Exploits: 0 · References: 2

Positive Technologies
added 2025/01/03 12:0 a.m. · 2 views

PT-2025-4298 · Trix · Trix

Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.12. Description: Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. The issue arises when pasting malicious code in the link field, allowing an attacker to trick the user into copyin...

CVSS 5.3 · AI score 7.4 · EPSS 0.002
Exploits: 0 · References: 12

vulnersOsv
added 2024/10/07 12:0 p.m. · 6 views

ABC_Game_Engine (>=0.1.0 <=0.1.2), AgRV2K_PAC (>=0.1.0 <=0.1.1) +8717 more potentially affected by unknown CVE via paste (>=0.1.18 <=1.0.8)

paste CARGO version =0.1.18, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.15 - aa2nucaln =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0436...

AI score 5.8
Exploits: 0

Positive Technologies
added 2024/05/07 12:0 a.m. · 1 view

PT-2024-30531 · Unknown · Trix Editor

Name of the Vulnerable Software and Affected Versions: Trix editor versions prior to 2.1.4. Description: The issue is related to a bypass of a previous fix, allowing an attacker to execute arbitrary JavaScript code within the context of the user's session when pasting malicious code. This occurs...

CVSS 6.5 · AI score 5.8 · EPSS 0.00551
Exploits: 0 · References: 28

SUSE CVE
added 2023/02/15 5:18 a.m. · 1 view

SUSE CVE-2015-4476

Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute...

CVSS 4.3 · AI score 8.6 · EPSS 0.00483
Exploits: 0 · References: 5

CNNVD
added 2023/02/07 12:0 a.m. · 1 view

SUSE openSUSE Cross-Site Scripting Vulnerability

openSUSE is a set of Linux-based free operating systems and open source community projects from SUSE Germany. A cross-site scripting vulnerability exists in openSUSE paste, which originates from the presence of cross-site scripting that can be exploited by a remote attacker to place JavaScript in...

CVSS 6.1 · AI score 6 · EPSS 0.00229
Exploits: 1 · References: 2

RubySec
added 2021/08/23 12:0 a.m. · 3 views

Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality

Affected packages: The vulnerability has been discovered in clipboard plugin. All plugins with clipboard plugin dependency are affected: clipboard, pastetext, pastetools, widget, uploadwidget, autolink, tableselection. Impact: A potential vulnerability has been discovered in CKEditor 4 Clipboard package...

CVSS 5.4 · AI score 7 · EPSS 0.00236
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2021/08/12 12:0 a.m. · 0 views

PT-2021-6524

Name of the Vulnerable Software and Affected Versions: CKEditor versions 4.5.2 through 4.16.1; CKEditor 4 plugins with clipboard plugin dependency versions 4.5.2 and later, including: clipboard, pastetext, pastetools, widget, uploadwidget, autolink, tableselection. Description: The issue is related to...

CVSS 5.4 · AI score 6.8 · EPSS 0.00236
Exploits: 0 · References: 32

OSV
added 2021/01/26 9:15 p.m. · 0 views

UBUNTU-CVE-2021-26272

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space in the Autolink plugin...

CVSS 6.5 · AI score 7.2 · EPSS 0.00502
Exploits: 0 · References: 3

RedHat Linux
added 2020/12/01 3:26 p.m. · 1 view

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits: 0 · References: 5

RedHat Linux
added 2020/11/30 8:27 p.m. · 0 views

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits: 0 · References: 5

RedHat Linux
added 2020/11/30 8:51 a.m. · 1 view

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits: 0 · References: 5

RedHat Linux
added 2020/11/30 8:48 a.m. · 2 views

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits: 0 · References: 5

RedHat Linux
added 2020/11/30 8:41 a.m. · 1 view

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits: 0 · References: 5

RedHat Linux
added 2020/11/30 8:37 a.m. · 2 views

Mozilla: XSS through paste (manual and clipboard API)

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox 83, Firefox ESR 78.5, and Thunderbird 78.5...

CVSS 6.1 · AI score 7.3 · EPSS 0.00331
Exploits: 0 · References: 5

RedHat Linux
added 2020/01/13 2:52 p.m. · 2 views

Mozilla: Bypass of @namespace CSS sanitization during pasting

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

CVSS 6.1 · AI score 7.3 · EPSS 0.01798
Exploits: 0 · References: 5

OSV
added 2020/01/08 10:15 p.m. · 0 views

UBUNTU-CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

CVSS 6.1 · AI score 7.3 · EPSS 0.01798
Exploits: 0 · References: 11

Veracode
added 2017/06/06 7:49 a.m. · 26 views

Copy-Paste Vulnerability (CVE) Denial Of Service (DoS)

CryptoppECC contains a copy of the Crypto++ (aka cryptopp and libcrypto++) library inside it. The version that it contains is vulnerable to a denial of service (DoS) attack through the mishandling of the ASN1 encoding. Crypto++ allocates a SecByteBlock of the size that the ASN1 decoder reads as the...

CVSS 7.5 · AI score 7.2 · EPSS 0.05919
Exploits: 0 · References: 2 · Affected Software: 1

Veracode
added 2017/05/17 7:6 a.m. · 30 views

Copy-Paste Vulnerability (CPV) Through Libxslt

nokogiri has a copied version of the libxslt library. The copy that nokogiri includes is vulnerable to the following issues: 1. CVE-2016-1683 - Denial of Service (DoS) via an out-of-bounds heap memory access. This is caused by libxslt mishandling namespace nodes leading to out-of-bounds heap memory...

AI score 8.1 · EPSS 0.00989
Exploits: 0

hackapp
added 2016/04/01 9:7 a.m. · 15 views

Quick Photo Paste - Base64 encoded String, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Quick Photo Paste published at the 'play' market has multiple vulnerabilities...

AI score 0.7
Exploits: 0 · References: 1 · Affected Software: 1