635 matches found

OSV
added 2023/02/21 3:30 p.m. · 3 views

GHSA-7H4W-6P98-R3WX textAngular Cross-site Scripting vulnerability

textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00104
Exploits: 1 · References: 3

OSV
added 2023/02/21 3:30 p.m. · 16 views

GHSA-MV37-XRMC-HF64 Microweber Cross-site Scripting vulnerability

Microweber is a drag and drop website builder and content management system. Versions 1.2.12 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. A fix was attempted i...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00265
Exploits: 1 · References: 4

Prion
added 2023/02/21 3:15 p.m. · 16 views

Cross site scripting

textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches...

CVSS: 5.8 · AI score: 6 · EPSS: 0.00104
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2023/02/21 3:15 p.m. · 14 views

Cross site scripting

Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue...

CVSS: 5.8 · AI score: 5.9 · EPSS: 0.00287
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2023/02/20 12:0 a.m. · 17 views

CVE-2021-32854 textAngular text editor vulnerable to Cross-site Scripting

textAngular is a text editor for Angular.js. Version 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches...

CVSS: 6.1 · AI score: 6.2 · EPSS: 0.00104
Exploits: 1 · References: 1

Positive Technologies
added 2023/02/20 12:0 a.m. · 1 views

PT-2023-12186 · Unknown · Textangular

Name of the Vulnerable Software and Affected Versions: textAngular versions 1.5.16 and prior
Description: The issue is related to copy-paste cross-site scripting (XSS) in textAngular, a text editor for Angular.js. For this particular type of XSS, the victim needs to be fooled into copying a malicio...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00104
Exploits: 1 · References: 7

Positive Technologies
added 2023/02/20 12:0 a.m. · 3 views

PT-2023-12188 · Unknown · Microweber

Name of the Vulnerable Software and Affected Versions: Microweber versions 1.2.12 and prior
Description: The issue concerns a copy-paste cross-site scripting (XSS) flaw. This type of XSS requires the victim to be tricked into copying a malicious payload into the text editor.
Recommendations: For...

CVSS: 6.1 · AI score: 5.8 · EPSS: 0.00265
Exploits: 1 · References: 9

CVE
added 2023/02/20 12:0 a.m. · 48 views

CVE-2021-32854

The CVE-2021-32854 issue affects textAngular (Angular.js) versions 1.5.16 and earlier, due to a copy-paste cross-site scripting (XSS) flaw in the editor. The root cause is an XSS vulnerability triggered when a user pastes malicious payloads into the text editor. No patched versions are identified...

CVSS: 6.1 · AI score: 6 · EPSS: 0.00104
Exploits: 1 · References: 1 · Affected Software: 1

SUSE CVE
added 2023/02/15 5:59 a.m. · 3 views

SUSE CVE-2010-1388

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and before 4.1 on Mac OS X 10.4, does not properly handle clipboard (1) drag and (2) paste operations for URLs, which allows user-assisted remote attackers to read arbitrary files via a crafted HTML document...

CVSS: 4.3 · AI score: 6.4 · EPSS: 0.0084
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:59 a.m. · 2 views

SUSE CVE-2010-1389

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag-and-drop operation for a...

CVSS: 4.3 · AI score: 5.7 · EPSS: 0.00983
Exploits: 0 · References: 4

SUSE CVE
added 2023/02/15 5:48 a.m. · 2 views

SUSE CVE-2012-0878

Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...

CVSS: 5.1 · AI score: 6.7 · EPSS: 0.01239
Exploits: 0 · References: 3

SUSE CVE
added 2023/02/15 5:39 a.m. · 1 views

SUSE CVE-2013-2120

The %password... macro in pastemacroexpander.cpp in the KDE Paste Applet before 4.10.5 in kdeplasma-addons does not properly generate passwords, which allows context-dependent attackers to bypass authentication via a brute-force attack...

CVSS: 8.4 · AI score: 8.4 · EPSS: 0.00119
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 5:38 a.m. · 1 views

SUSE CVE-2013-2213

The KRandom::random function in KDE Paste Applet after 4.10.5 in kdeplasma-addons uses the GNU C Library rand function's linear congruential generator, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the generator output...

CVSS: 5.5 · AI score: 6.8 · EPSS: 0.00026
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 5:33 a.m. · 1 views

SUSE CVE-2013-6672

Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations...

CVSS: 4.3 · AI score: 8.7 · EPSS: 0.00931
Exploits: 0 · References: 6

SUSE CVE
added 2023/02/15 5:21 a.m. · 3 views

SUSE CVE-2015-1852

The s3token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configuration (paste.ini) file regardless of the value, which allows remote attackers to conduct...

CVSS: 4.3 · AI score: 7 · EPSS: 0.003
Exploits: 0 · References: 6

SUSE CVE
added 2023/02/15 5:18 a.m. · 1 views

SUSE CVE-2015-4476

Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute...

CVSS: 4.3 · AI score: 8.6 · EPSS: 0.00483
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 4:39 a.m. · 2 views

SUSE CVE-2017-14228

In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function pastetokens in preproc.c, aka a NULL pointer dereference. It will lead to remote denial of service...

CVSS: 5.3 · AI score: 8.4 · EPSS: 0.00185
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 4:36 a.m. · 2 views

SUSE CVE-2017-17818

In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer over-read that will cause a remote denial of service attack, related to a while loop in pastetokens in asm/preproc.c...

CVSS: 4.4 · AI score: 8.5 · EPSS: 0.00683
Exploits: 1 · References: 5

SUSE CVE
added 2023/02/15 4:15 a.m. · 1 views

SUSE CVE-2019-8343

In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in pastetokens in asm/preproc.c...

CVSS: 7.8 · AI score: 7.6 · EPSS: 0.00137
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 4:7 a.m. · 1 views

SUSE CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

CVSS: 6.1 · AI score: 8.6 · EPSS: 0.01798
Exploits: 0 · References: 10