Lucene search
+L

4 matches found

euvd
euvd
added 2026/05/06 12:30 p.m.12 views

EUVD-2025-209659

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...

5.3CVSS5.8AI score0.00149EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/06 10:22 a.m.5 views

CVE-2025-31970

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting XSS...

5.3CVSS5.8AI score0.00149EPSS
Exploits0References2
redhat
redhat
added 2024/12/02 4:56 p.m.6 views

firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims

The Mozilla Foundation's Security Advisory: Enhanced Tracking Protection's Strict mode may inadvertently allow a CSP frame-src bypass and DOM-based cross-site scripting XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could expose users to malicious frames...

6.1CVSS7.2AI score0.00499EPSS
Exploits0References10
bdu_fstec
bdu_fstec
added 2016/07/05 12:0 a.m.5 views

A vulnerability in the Mozilla SeaMonkey software product, which allows a malicious individual to execute arbitrary code.

Mozilla SeaMonkey’s software product contains a vulnerability related to an implementation error in the content protection policy when working with XSLT style sheets. Exploiting this vulnerability allows malicious actors to execute arbitrary XSLT code, despite the insufficient restrictions impose...

7.5CVSS7.4AI score0.02995EPSS
Exploits0References5
Rows per page
Query Builder