257 matches found
CVE-2024-33905
In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type...
CVE-2024-33905
Telegram WebK before 2.0.0 is affected by an XSS flaw in the Mini Web App via the postMessage web_app_open_link event. Root cause: crafted Mini Web Apps can inject scripts. Affected product: Telegram WebK, versions prior to 2.0.0 (488). Reported by multiple sources; exploitation details are not p...
CVE-2023-48679
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391...
Cross site scripting
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391...
PT-2024-13620 · Acronis · Acronis Cyber Protect 16
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 versions before build 37391. Description: A stored cross-site scripting (XSS) issue exists due to missing origin validation in postMessage. This allows for potential exploitation. The estimated number of affected devices...
Acronis Cyber Protect Cross-Site Scripting Vulnerability
Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Singapore. It combines backup, anti-malware, network security, and endpoint management features such as vulnerability assessment, URL filtering, patch management, and more. A cross-site...
CVE-2023-46252
Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler, which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...
Cross site scripting
Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler, which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...
CVE-2023-46252 Cross-Site Scripting (XSS) via postMessage Handler in Squidex
Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler, which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global messa...
Squidex Cross-Site Scripting Vulnerability
Squidex is a headless CMS and content management center. A cross-site scripting vulnerability exists in Squidex version 7.8.2, which stems from a lack of raw validation in the postMessage handler, leading to a cross-site scripting (XSS) vulnerability...
CVE-2023-5718
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web...
Code injection
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e. a locally accessible file or sensitive website), and registering a listener on the web...