
6715 matches found

Mozilla
added 2022/01/11 12:0 a.m., 476 views

Security Vulnerabilities fixed in Firefox 96 — Mozilla

A race condition could have allowed bypassing the fullscreen notification which could have led to a fullscreen window spoof being unnoticed. This bug only affects Firefox for Windows. Other operating systems are unaffected. When navigating from inside an iframe while requesting fullscreen access,...

CVSS 10, AI score 9.3, EPSS 0.0134
Exploits 4, References 19, Affected Software 1
Prion
added 2022/01/06 9:15 p.m., 14 views

Input validation

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...

CVSS 4.3, AI score 6.2, EPSS 0.00852
Exploits 0, References 1, Affected Software 1
Cvelist
added 2022/01/06 8:4 p.m., 17 views

CVE-2021-42841

Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...

AI score 6.3, EPSS 0.00852
Exploits 0, References 1
NVD
added 2022/01/04 9:15 p.m., 22 views

CVE-2022-21650

Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after...

CVSS 7.6, EPSS 0.00831
Exploits 1, References 4
Huntr
added 2021/12/31 5:42 a.m., 4 views

Cross-site Scripting (XSS) - Stored in erudika/scoold

Description: The Scoold is a Q&A/knowledge base platform written in Java. When writing a Q&A, you can use the markdown editor. So I tried to exploit the syntax to try an XSS attack. It seemed to validate javascript: on the backend. So I couldn't use it. However, according to RFC3986, the scheme ca...

AI score 6.4
Exploits 0
CNNVD
added 2021/12/10 12:0 a.m., 4 views

Privoxy cross-site scripting vulnerability

Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...

CVSS 6.1, AI score 6.4, EPSS 0.00792
Exploits 0, References 7
OSV
added 2021/12/08 10:15 p.m., 2 views

DEBIAN-CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

CVSS 10, AI score 8.4, EPSS 0.0383
Exploits 0, References 1
OSV
added 2021/12/08 3:15 p.m., 1 views

CVE-2021-25520

Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allow untrusted applications to execute script codes in Samsung Internet...

CVSS 6.1, AI score 6.4, EPSS 0.00412
Exploits 0, References 1
Cvelist
added 2021/11/22 10:20 p.m., 17 views

CVE-2020-22719

Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field...

AI score 5.3, EPSS 0.00514
Exploits 0, References 1
OSV
added 2021/11/17 11:15 a.m., 1 views

CVE-2021-24834

The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is...

CVSS 5.4, AI score 6.3
Exploits 0, References 3
Positive Technologies
added 2021/11/17 12:0 a.m., 2 views

PT-2021-6670 · Unknown +1 · Ckeditor 4 +1

Name of the Vulnerable Software and Affected Versions: CKEditor 4 versions prior to 4.17.0
Description: A vulnerability has been discovered in the core HTML processing module of CKEditor 4, which may affect all plugins used by the editor. This issue allows an attacker to inject malformed comments...

CVSS 8.2, AI score 6.2, EPSS 0.0147
Exploits 0, References 22
Japan Vulnerability Notes
added 2021/11/16 4:38 a.m., 2 views

rwtxt vulnerable to cross-site scripting

Overview: rwtxt provided by Zack Scholl is a light-weight content management system (CMS) that enables sharing and/or viewing of any text saved online. rwtxt contains a cross-site scripting vulnerability (CWE-79). Ito Reo of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/C...

CVSS 6.1, AI score 5.9, EPSS 0.00877
Exploits 0, References 5
CNNVD
added 2021/11/16 12:0 a.m., 2 views

Ruijie Rg-Uac cross-site scripting vulnerability

Ruijie Rg-Uac is an Internet behavior management and auditing product from China Ruijie Networks Ruijie. It is used to solve Internet auditing problems. A security vulnerability exists in the Ruijie RG-UAC 6000-E50 commit 9071227, which can be exploited by an attacker to execute arbitrary web...

CVSS 6.1, AI score 6.7, EPSS 0.00562
Exploits 0, References 2
OpenVAS
added 2021/11/11 12:0 a.m., 11 views

Mozilla Firefox Security Advisory (MFSA2015-121) - Linux

This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

CVSS 4.3, AI score 9.6, EPSS 0.01889
Exploits 0, References 3
RedHat Linux
added 2021/11/10 9:58 a.m., 3 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

CVSS 10, AI score 7.3, EPSS 0.0383
Exploits 0, References 4
CNNVD
added 2021/11/09 12:0 a.m., 4 views

Schneider Electric Nmc Embedded Devices cross-site scripting vulnerability

The Schneider Electric Nmc Embedded Devices are a type of Nmc Embedded Devices from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Nmc Embedded Devices and NMC Embedded Devices that can be exploited by an attacker to execute arbitrary script...

CVSS 6.1, AI score 6.3, EPSS 0.00745
Exploits 0, References 5
CNNVD
added 2021/11/09 12:0 a.m., 4 views

Schneider Electric Nmc Embedded Devices cross-site scripting vulnerability

The Schneider Electric Nmc Embedded Devices are a type of Nmc Embedded Devices from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Nmc Embedded Devices and NMC Embedded Devices that can be exploited by an attacker to execute arbitrary script...

CVSS 6.1, AI score 6.3, EPSS 0.00749
Exploits 0, References 5
CNNVD
added 2021/11/09 12:0 a.m., 2 views

Schneider Electric Nmc Embedded Devices cross-site scripting vulnerability

The Schneider Electric Nmc Embedded Devices are a type of Nmc Embedded Devices from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Nmc Embedded Devices and NMC Embedded Devices that can be exploited by an attacker to execute arbitrary script...

CVSS 6.1, AI score 6.3, EPSS 0.00745
Exploits 0, References 5
Hacker One
added 2021/11/05 10:3 a.m., 5 views

Insightly: Stored XSS via LINK Name.

The LINK NAME was not properly escaped at the Templates page, leading to Stored XSS. The name was reflected in the tag, and due to lack of sanitization, the user could break out of the tag and execute the XSS...

AI score 6.7
Exploits 0
RedHat Linux
added 2021/11/04 5:3 p.m., 2 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

CVSS 10, AI score 7.3, EPSS 0.0383
Exploits 0, References 4