6722 matches found
Mozilla Firefox Security Advisory (MFSA2015-121) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
Mozilla: iframe sandbox rules did not apply to XSLT stylesheets
The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...
Schneider Electric Nmc Embedded Devices Cross-Site Scripting Vulnerability
The Schneider Electric Nmc Embedded Devices are a type of Nmc Embedded Devices from Schneider Electric France. A cross-site scripting vulnerability exists in Schneider Electric Nmc Embedded Devices and NMC Embedded Devices that can be exploited by an attacker to execute arbitrary script...
Insightly: Stored XSS via LINK Name.
The LINK NAME was not properly escaped at the Templates page, leading to Stored XSS. The name was reflected in the tag, and due to lack of sanitization, the user could break out of the tag and execute the XSS...
CVE-2020-18259
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields...
Cross site scripting
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields...
CVE-2021-38492
CVE-2021-38492 affects Mozilla Firefox on Windows, where delegating navigations to the OS could accept mk: URLs and load Internet Explorer in unprivileged mode. The vulnerability impacts Firefox versions older than 92 (and related Thunderbird/ESR lines). Remediation is to upgrade to Firefox 92+ ...
UBUNTU-CVE-2021-38503
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...
FortiSIEM - privilege escalation by script execution in Windows Agent
An improper privilege management vulnerability (CWE-269) in the FortiSIEM Windows Agent may allow an authenticated user to execute unauthorized code or commands as a privileged user via script execution...
CVE-2021-37915
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined...
CVE-2021-37915
The CVE-2021-37915 entry affects Grandstream HT801 Analog Telephone Adapters prior to firmware 1.0.29.8. The root cause is in the limited configuration shell, where an attacker can set the gdb_debug_server variable during configuration; after reboot, the device downloads and executes scripts from...
Tiki Wiki Cross-Site Scripting Vulnerability
Tiki Wiki is a PHP-based wiki system for the Tiki community. A security vulnerability exists in TikiWiki v21.4 that allows an attacker to execute arbitrary web script or HTML via a crafted payload under the Create Category module...
Tiki Wiki Cross-Site Scripting Vulnerability
Tiki Wiki is a PHP-based wiki system for the Tiki community. A security vulnerability exists in TikiWiki v21.4, which allows an attacker to execute arbitrary web script or HTML by adding a payload under the Events module...