
38 matches found

Positive Technologies
added 2026/04/15 12:0 a.m., 1 view

PT-2026-33091

A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this vulnerability in the Cisco Webex Contact Center service, and no customer action is needed. This...

6.1 CVSS, 5.8 AI score, 0.00054 EPSS
Exploits: 0, References: 3
Github Security Blog
added 2026/03/31 12:31 p.m., 2 views

Duplicate Advisory: OpenClaw's system.run approvals did not bind mutable script operands across approval and execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8g75-q649-6pv6. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are no...

6.3 CVSS, 6 AI score, 0.00066 EPSS
Exploits: 0, References: 6, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2021-0117

Malware in sbrugna...

8.2 CVSS, 6.2 AI score, 0.05428 EPSS
Exploits: 0, References: 33
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-14564

Malware in sbrugna...

9.8 CVSS, 9.2 AI score, 0.00829 EPSS
Exploits: 1, References: 17
RedHat Linux
added 2024/05/20 1:41 a.m., 3 views

Mozilla: Cross-origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

5.9 CVSS, 7.2 AI score, 0.00937 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2024/05/16 6:20 p.m., 1 view

Mozilla: Cross-origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

5.9 CVSS, 7.2 AI score, 0.00937 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2024/05/16 5:46 p.m., 3 views

Mozilla: Cross-origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

5.9 CVSS, 7.2 AI score, 0.00937 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2024/05/16 5:20 p.m., 2 views

Mozilla: Cross-origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

5.9 CVSS, 7.2 AI score, 0.00937 EPSS
Exploits: 0, References: 6
NVD
added 2023/08/22 10:15 p.m., 10 views

CVE-2023-40370

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470...

5.3 CVSS, 4.5 AI score, 0.00082 EPSS
Exploits: 0, References: 2
OSV
added 2023/08/22 10:15 p.m., 0 views

CVE-2023-40370

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470...

5.3 CVSS, 5.8 AI score
Exploits: 0, References: 2
Prion
added 2023/08/22 10:15 p.m., 13 views

Cross site request forgery (csrf)

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470...

5 CVSS, 5 AI score, 0.00082 EPSS
Exploits: 0, References: 2, Affected Software: 2
Cvelist
added 2023/08/22 9:57 p.m., 15 views

CVE-2023-40370 IBM Robotic Process Automation information disclosure

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470...

3.7 CVSS, 5.2 AI score, 0.00082 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/08/22 12:0 a.m., 2 views

IBM Robotic Process Automation security vulnerability

IBM Robotic Process Automation is a robotic process automation product from International Business Machines (IBM). It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. A security vulnerability exists in IBM Robotic Process Automation versions 21.0.0...

5.3 CVSS, 5.7 AI score, 0.00082 EPSS
Exploits: 0, References: 3
IBM Security Bulletins
added 2023/08/21 4:41 p.m., 24 views

Security Bulletin: IBM Robotic Process Automation is vulnerable to information disclosure of script content (CVE-2023-40370)

Summary IBM Robotic Process Automation runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. Vulnerability Details CVEID:CVE-2023-40370 DESCRIPTION: IBM Robotic Process Automation runtime is vulnerable to information disclosure of...

5.3 CVSS, 4.6 AI score, 0.00082 EPSS
Exploits: 0, Affected Software: 1
SUSE CVE
added 2023/02/15 3:56 a.m., 1 view

SUSE CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79, Firefox ESR 68.11, Firefox ESR 78.1, Thunderbird 68.11, and Thunderbi...

8.1 CVSS, 8.4 AI score, 0.00586 EPSS
Exploits: 0, References: 14
RedHat Linux
added 2022/02/14 9:15 a.m., 3 views

Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing resources using Web Workers, error messages would distinguish the difference between application/javascript responses and non-script responses. This could have been abused to learn...

6.5 CVSS, 7.2 AI score, 0.0026 EPSS
Exploits: 0, References: 4
OSV
added 2021/12/13 6:15 p.m., 1 view

DEBIAN-CVE-2021-43818

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

7.1 CVSS, 6.2 AI score, 0.05428 EPSS
Exploits: 0, References: 1
OSV
added 2021/12/13 6:15 p.m., 2 views

AZL-7025 CVE-2021-43818 affecting package python-lxml for versions less than 4.8.0-1

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

7.1 CVSS, 6.5 AI score, 0.05428 EPSS
Exploits: 0, References: 1
OSV
added 2021/12/13 6:15 p.m., 0 views

PYSEC-2021-852

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

8.2 CVSS, 5.8 AI score, 0.05428 EPSS
Exploits: 0, References: 4
Prion
added 2021/12/13 6:15 p.m., 31 views

Hardcoded credentials

lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content in SVG files embedded using data URIs. Users that employ the HTML cleaner in a security relevant...

6.8 CVSS, 6.7 AI score, 0.05428 EPSS
Exploits: 0, References: 14, Affected Software: 8