Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

CVE-2020-18259

ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting XSS vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields...

Cross site scripting

ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting XSS vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields...

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

CVE-2021-38492

CVE-2021-38492 affects Mozilla Firefox on Windows, where delegating navigations to the OS could accept mk: URLs and load Internet Explorer in unprivileged mode. The vulnerability impacts Firefox versions older than 92 (and related Thunderbird/ ESR lines). Remediation is to upgrade to Firefox 92+ ...

UBUNTU-CVE-2021-38503

The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

FortiSIEM - privilege escalation by script executionution in Windows Agent

An improper privilege management vulnerability CWE-269 in the FortiSIEM Windows Agent may allow an authenticated user to execute unauthorized code or commands as a privileged user via script execution...

CVE-2021-37915

An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdbdebugserver variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined...

CVE-2021-37915

The CVE-2021-37915 entry affects Grandstream HT801 Analog Telephone Adapters prior to firmware 1.0.29.8. The root cause is in the limited configuration shell, where an attacker can set the gdb_debug_server variable during configuration; after reboot, the device downloads and executes scripts from...

Tiki Wiki 跨站脚本漏洞

Tiki Wiki is a Php-based wiki system for the Tiki community. A security vulnerability exists in TikiWiki v21.4 that allows an attacker to execute arbitrary web script or HTML via a crafted payload under the Create Category module...

Tiki Wiki 跨站脚本漏洞

Tiki Wiki is a Php-based wiki system for the Tiki community. A security vulnerability exists in TikiWiki v21.4, which allows an attacker to execute arbitrary web script or HTML by adding a payload under the Events module...

Cisco Firepower Management Center 跨站脚本漏洞

Cisco Firepower Management Center FMC is the next generation firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center Software that stems from insufficient validation of user-supplied input in the web-based management interface. An...

Rocket.Chat: XSS in various MessageTypes

The Rocket.Chat vulnerability allowed arbitrary script execution in the receiving frontend client through the rendering of messages of various MessageTypes. The vulnerability affected versions 3.18.2 and 4.0.3. The issue was caused by the lack of sanitization of message parameters rendered from...

CVE-2020-36499

TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting XSS vulnerability in the content parameter of the Rubric Block Add module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value...

CVE-2020-23041

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the path parameter of the list and download exception-handling. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted GET request...

Cross site scripting

Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting XSS vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...

Portable Ltd Playable 代码注入漏洞

Portable Ltd Playable is a Full HD media player for Pc from Portable Ltd, UK. Portable Ltd Playable suffers from a code injection vulnerability that stems from Portable Ltd Playable v9.18 containing a code injection vulnerability in the filename parameter. An attacker could use this vulnerability...

Sugarcrm SugarCRM 跨站脚本漏洞

Sugarcrm SugarCRM is an open source Customer Relationship Management CRM system from SugarCRM Sugarcrm, USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and information sharing and tracking of sales representatives. SugarC...