Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6723 matches found

NVD
NVDadded 2022/12/22 8:15 p.m.12 views

CVE-2022-34475

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

6.1CVSS0.00395EPSS
Exploits0References2
OSV
OSVadded 2022/12/22 8:15 p.m.2 views

DEBIAN-CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.8CVSS8.4AI score0.00937EPSS
Exploits0References1
OSV
OSVadded 2022/12/22 8:15 p.m.1 views

DEBIAN-CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.1CVSS7.3AI score0.00561EPSS
Exploits0References1
OSV
OSVadded 2022/12/22 8:15 p.m.7 views

CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.1CVSS9AI score
Exploits0References4
OSV
OSVadded 2022/12/22 8:15 p.m.1 views

CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

8.8CVSS7.4AI score
Exploits0References2
NVD
NVDadded 2022/12/22 8:15 p.m.20 views

CVE-2022-22763

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox 96, Thunderbird 91.6, and Firefox ESR 91.6...

8.8CVSS0.00564EPSS
Exploits0References4
OSV
OSVadded 2022/12/22 8:15 p.m.8 views

CVE-2022-22763

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox 96, Thunderbird 91.6, and Firefox ESR 91.6...

8.8CVSS8.5AI score
Exploits0References4
Prion
Prionadded 2022/12/22 8:15 p.m.19 views

Design/Logic Flaw

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

5.8CVSS5.8AI score0.00395EPSS
Exploits0References2Affected Software1
Prion
Prionadded 2022/12/22 8:15 p.m.14 views

Input validation

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

5.8CVSS6.9AI score0.00561EPSS
Exploits0References4Affected Software3
Vulnrichment
Vulnrichmentadded 2022/12/22 12:0 a.m.4 views

CVE-2022-28284

SVG's use element could have been used to load unexpected content that could have executed script in certain circumstances. While the specification seems to allow this, other browsers do not, and web developers relied on this property for script security so gecko's implementation was aligned with...

8.3AI score0.00548EPSS
Exploits0References2
Cvelist
Cvelistadded 2022/12/22 12:0 a.m.15 views

CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8.7AI score0.00937EPSS
Exploits0References4
CVE
CVEadded 2022/12/22 12:0 a.m.193 views

CVE-2022-34475

Mozilla Firefox vulnerability CVE-2022-34475 involves SVG tags referencing a same-origin document that could lead to script execution if attacker input is sanitized via the HTML Sanitizer API. Affected product: Firefox prior to version 102. Root cause: improper handling of in combination with s...

6.1CVSS6.6AI score0.00395EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2022/12/22 12:0 a.m.4 views

CVE-2022-34468

An iframe that was not permitted to run scripts could do so if the user clicked on a javascript: link. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

8AI score0.00937EPSS
Exploits0References4
CVE
CVEadded 2022/12/22 12:0 a.m.156 views

CVE-2022-28284

CVE-2022-28284 affects Mozilla Firefox older than 99. The SVG element could load unexpected content and execute scripts, aligning Gecko with other browsers but diverging from spec-driven security expectations. Impact is high across confidentiality, integrity, and availability. Firefox 99 and lat...

8.8CVSS8AI score0.00548EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2022/12/22 12:0 a.m.6 views

CVE-2022-34475

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

6.2AI score0.00395EPSS
Exploits0References2
Cvelist
Cvelistadded 2022/12/22 12:0 a.m.18 views

CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

7.5AI score0.00561EPSS
Exploits0References4
CVE
CVEadded 2022/12/22 12:0 a.m.495 views

CVE-2022-22763

CVE-2022-22763 describes a post-shutdown script execution issue in Mozilla Firefox, Thunderbird and Firefox ESR where a worker could run late in the lifecycle after it should be prevented. Affected products: Firefox < 96, Thunderbird < 91.6, Firefox ESR

8.8CVSS8.3AI score0.00564EPSS
Exploits0References4Affected Software3
Vulnrichment
Vulnrichmentadded 2022/12/22 12:0 a.m.8 views

CVE-2022-22763

When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability affects Firefox 96, Thunderbird 91.6, and Firefox ESR 91.6...

8AI score0.00564EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2022/12/22 12:0 a.m.7 views

CVE-2022-29911

An improper implementation of the new iframe sandbox keyword allow-top-navigation-by-user-activation could lead to script execution without allow-scripts being present. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6AI score0.00561EPSS
Exploits0References4
Debian CVE
Debian CVEadded 2022/12/22 12:0 a.m.36 views

CVE-2022-34475

SVG use tags that referenced a same-origin document could have resulted in script execution if attacker input was sanitized via the HTML Sanitizer API. This would have required the attacker to reference a same-origin JavaScript file containing the script to be executed. This vulnerability affects...

6.1CVSS7.9AI score0.00395EPSS
Exploits0
Rows per page
Query Builder