4 matches found
EUVD-2025-209659
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...
CVE-2025-31970
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...
firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims
The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...
A vulnerability in the Mozilla SeaMonkey software product, which allows a malicious individual to execute arbitrary code.
Mozilla SeaMonkey’s software product contains a vulnerability related to an implementation error in the content protection policy when working with XSLT style sheets. Exploiting this vulnerability allows malicious actors to execute arbitrary XSLT code, despite the insufficient restrictions impose...