firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Error handling for script execution is incorrectly isolated from web content, which could allow cross-origin leak attacks...

Dassault Systèmes Project Portfolio Manager 安全漏洞

Dassault Systèmes Project Portfolio Manager is an application from Dassault Systèmes France. It is responsible for developing and implementing the project portfolio management process. A security vulnerability exists in Dassault Systèmes Project Portfolio Manager that stems from a stored cross-si...

TencentOS Server 3: libreoffice (TSSA-2024:0293)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0293 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2025-49580

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

GHSA-JM43-HRQ7-R7W6 XWiki allows privilege escalation through link refactoring

Impact Pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability affects all version of XWiki since 8.2 and 7.4.5...

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

CVE-2025-49580

Summary of CVE-2025-49580 : XWiki platforms are affected by a privilege-escalation vulnerability where pages can gain script or programming rights if a link target is renamed or moved, potentially allowing execution of scripts in xobjects. Affected versions include 7.4.5 through 16.4.7 and 8.2 th...

CVE-2025-49580 XWiki allows privilege escalation through link refactoring

XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never be...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.11 MFSA 2025-46, bsc1243353: CVE-2025-5262: Double-free in libvpx encoder bmo1962421 CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content bmo1960745...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14994)

Adobe Experience Manager is a comprehensive content management solution from Adobe. A cross-site scripting vulnerability exists in Adobe Experience Manager, which stems from the vulnerability of form fields to stored cross-site scripting attacks. An attacker can exploit the vulnerability to cause...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2025-12789)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-12788)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-12786)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14293)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14291)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14290)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-14289)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-12787)

Adobe Experience Manager is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A securit...