
6715 matches found

Vulnrichment
added 2022/02/15 12:0 a.m., 6 views

CVE-2022-24227

A cross-site scripting (XSS) vulnerability in BoltWire v7.10 and v8.00 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the name and lastname parameters...

AI score 5.9, EPSS 0.02221
Exploits: 1, References: 3

CNNVD
added 2022/02/15 12:0 a.m., 3 views

PluXml security vulnerability

PluXml is a free and open source content management system that does not require a database to work. PluXml suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML...

CVSS 5.4, AI score 5.9, EPSS 0.00732
Exploits: 1, References: 2

Tenable Nessus
added 2022/02/15 12:0 a.m., 40 views

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2022:0538)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:0538-1 advisory. - Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754) - Mozilla: Memory safety bugs fixed in Firefox 97...

CVSS 9.6, AI score 7.7, EPSS 0.00919
Exploits: 1, References: 8

RedhatCVE
added 2022/02/14 3:26 p.m., 53 views

CVE-2022-0572

A heap-based buffer overflow flaw was found in vim's ex_retab function of the indent.c file. This flaw occurs when repeatedly using ":retab". This flaw allows an attacker to trick a user into opening a crafted file, triggering a heap overflow. Mitigation: Untrusted vim scripts with -s scriptin are not...

CVSS 8.4, AI score 3.8, EPSS 0.26583
Exploits: 1, References: 3

RedHat Linux
added 2022/02/14 9:15 a.m., 4 views

Mozilla: Sandboxed iframes could have executed script if the parent appended elements

The Mozilla Foundation Security Advisory describes this flaw as: If a document created a sandboxed iframe without allow-scripts and subsequently appended an element to the iframe's document that, for example, had a JavaScript event handler - the event handler would have run despite the iframe's...

CVSS 9.6, AI score 7.3, EPSS 0.00737
Exploits: 0, References: 6

RedHat Linux
added 2022/02/14 9:15 a.m., 0 views

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

CVSS 8.8, AI score 7.3, EPSS 0.00559
Exploits: 0, References: 6

RedHat Linux
added 2022/02/14 8:53 a.m., 2 views

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

CVSS 8.8, AI score 7.3, EPSS 0.00559
Exploits: 0, References: 6

RedHat Linux
added 2022/02/14 8:50 a.m., 0 views

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

CVSS 8.8, AI score 7.3, EPSS 0.00559
Exploits: 0, References: 6

RedHat Linux
added 2022/02/14 8:46 a.m., 2 views

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

CVSS 8.8, AI score 7.3, EPSS 0.00559
Exploits: 0, References: 6

RedHat Linux
added 2022/02/14 8:34 a.m., 2 views

Mozilla: Script Execution during invalid object state

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

CVSS 8.8, AI score 7.3, EPSS 0.00559
Exploits: 0, References: 6

OSV
added 2022/02/14 8:13 a.m., 27 views

ALSA-2022:0510 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.6.0 ESR. Security Fixes: Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754); Mozilla: Memory safety...

CVSS 9.6, AI score 9.3, EPSS 0.00919
Exploits: 1, References: 7

Rockylinux
added 2022/02/14 8:13 a.m., 29 views

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...

CVSS 9.6, AI score 9.2, EPSS 0.00919
Exploits: 1

OSV
added 2022/02/12 5:31 p.m., 37 views

MGASA-2022-0061 Updated thunderbird packages fix security vulnerabilities

If a user installed an extension of a particular type, the extension could have auto-updated itself and, while doing so, bypassed the prompt which grants the new version the new requested permissions (CVE-2022-22754). If a user was convinced to drag and drop an image to their desktop or other folder,...

CVSS 9.6, AI score 9.2, EPSS 0.00919
Exploits: 1, References: 4

RedhatCVE
added 2022/02/10 7:48 p.m., 45 views

CVE-2022-22763

The Mozilla Foundation Security Advisory describes this flaw as: When a worker was shut down, it was possible to cause the script to run late in the lifecycle, at a point where it should not be possible...

CVSS 8.8, AI score 1.6, EPSS 0.00559
Exploits: 0, References: 5

OpenVAS
added 2022/02/10 12:0 a.m., 22 views

Mozilla Firefox ESR Security Advisories (MFSA2022-04, MFSA2022-05) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:mozilla:firefoxesr";...

CVSS 9.6, AI score 7.8, EPSS 0.00919
Exploits: 2, References: 1

CNNVD
added 2022/02/08 12:0 a.m., 2 views

Mozilla Firefox code issue vulnerability

A code issue vulnerability exists in Mozilla Firefox, an open source Web browser from the Mozilla Foundation, which stems from the product's failure to restrict the lifecycle of script execution. An attacker could use this vulnerability to cause scripts to execute in an invalid object state...

CVSS 8.8, AI score 7.5, EPSS 0.00559
Exploits: 0, References: 22

Tenable Nessus
added 2022/02/07 12:0 a.m., 21 views

Schneider Electric PowerLogic PM5560 Improper Neutralization of Input During Web Page Generation (CVE-2018-7795)

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 product prior to FW version 2.5.4. The vulnerability makes the product susceptible to cross-site scripting attacks on its web browser. User inputs can be manipulated to cause execution of JavaScript code. Th...

CVSS 6.1, AI score 5.7, EPSS 0.02304
Exploits: 0, References: 4

NVD
added 2022/02/04 11:15 p.m., 22 views

CVE-2021-43841

XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it's possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that...

CVSS 5.4, EPSS 0.00856
Exploits: 1, References: 4

CVE
added 2022/02/04 10:30 p.m., 84 views

CVE-2021-43841

CVE-2021-43841 — XWiki Platform SVG upload XSS. In the default XWiki configuration, an attacker could upload an SVG containing a script that executes when a user performs a file download. The issue has been mitigated by patching the default configuration to stop displaying SVG files in the brows...

CVSS 5.4, AI score 5.3, EPSS 0.00856
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2022/01/28 8:15 p.m., 1 views

CVE-2021-22812

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could cause arbitrary script execution when a privileged account clicks on a malicious URL specifically crafted for the NMC. Affected Products: 1-Phase Uninterruptible Power...

CVSS 6.1, AI score 6.5, EPSS 0.00745
Exploits: 0, References: 1