582 matches found
Cross-site scripting vulnerability in WordPress plugin (CNVD-2021-44298)
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. A security vulnerability exists in the Smooth Scroll Page...
CVE-2021-24331
CVE-2021-24331 affects the WordPress plugin “Smooth Scroll Page Up/Down Buttons” (versions before 1.4). The root cause is improper sanitization/validation of settings (e.g., psb_distance, psb_buttonsize, psb_speed), with validation limited to the client side, enabling authenticated users (e.g., a...
July 13, 2021-KB5004115 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016
July 13, 2021-KB5004115 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server, version 2016 Release Date: July 13, 2021 Version: .NET Framework 4.8 The July 13, 2021 update for Windows 10, version 1607 and Windows Server, version 2016 includes cumulative...
Smooth Scroll Page Up/Down Buttons < 1.4 - Authenticated Stored XSS
The plugin did not properly sanitise and validate its settings, such as psb_distance, psb_buttonsize, psb_speed, only validating them client side. This could allow high privilege users such as admin to set XSS payloads in them -- Payloads: $ " autofocus=autofocus onfocus=alertdocument.cookie; " $ "...
July 13, 2021-KB5003539 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909
July 13, 2021-KB5003539 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10, version 1909 Release Date: July 13, 2021 Version: .NET Framework 3.5 and 4.8 The July 13, 2021 update for Windows 10, version 1909 includes cumulative reliability improvements in .NET Framework 3.5 and 4.8. W...
OS Command Injection
onion-oled-js is vulnerable to OS command injection. An attacker is able to inject and execute arbitrary OS command via the scroll function due to the usage of exec with untrusted user input...
CVE-2021-23377 Arbitrary Command Injection
This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
The vulnerability in the implementation of the Scroll-To-Text mode in the Google Chrome browser allows a perpetrator to gain access to confidential data.
The vulnerability of the Scroll-To-Text mode implementation in Google Chrome is related to the exposure of information through inconsistencies. Exploiting this vulnerability can allow an attacker to gain access to confidential data remotely...
Arbitrary Command Injection
Overview onion-oled-js is a JS library that exposes a collection of functions that wrap the oled-exp executable that controls the onion omega OLED display. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given to the scroll...
kernel: kernel: buffer over write in vgacon_scroll
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the...
Mozilla: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
The Mozilla Foundation Security Advisory describes this flaw as: When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow...
openSUSE Security Update : the Linux Kernel (openSUSE-2020-1236)
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. This update is signed with the new UEFI signing key for openSUSE. It contains rebuilds of all available KMP packages also rebuilt with the new UEFI signing key. boo1174543 The following security bugs were fixed : ...
chromium-browser: Side-channel information leakage in scroll to text
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
iOS14 shows Instagram opens camera even when users scroll photo feed
By Zara Khan iPhone's iOS14 shows that Instagram opens the user's camera even when... This is a post from HackRead.com Read the original post: iOS14 shows Instagram opens camera even when users scroll photo feed...
UBUNTU-CVE-2020-6531
Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Google Chrome Information Leakage Vulnerability (CNVD-2020-43474)
Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. An information leakage vulnerability exists in "Scroll to Text" in Google Chrome versions prior to 84.0.4147.89, which can be exploited by attackers to obtain...
January 23, 2020—KB4534324 (Preview of Monthly Rollup)
January 23, 2020—KB4534324 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4534297 released January 14, 2020 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an...
openSUSE Security Update : links (openSUSE-2019-2185)
This update for links fixes the following issues : links was updated to 2.20.1 : - libevent bug fixes links was updated to 2.20 : - Security bug fixed: when links was connected to tor, it would send real dns requests outside the tor network when the displayed page contains link elements with...
Security update for links (moderate)
openSUSE Security Update: Security update for links Announcement ID: openSUSE-SU-2019:2185-1 Rating: moderate References: 1149886 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that contains security fixes can now be...
scroll to top - Moderately critical - Cross site scripting - SA-CONTRIB-2019-061
The Scroll To Top module enables you to have an animated scroll to top link in the bottom of the node. The module does not sufficiently filter configuration text leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with...