108 matches found
The vulnerability of the Thunderbird email client, related to the disclosure of information, allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Thunderbird email client is related to the exposure of information. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information through the src attribute...
PT-2021-15503 · Video.Js +1 · Video.Js +1
Name of the Vulnerable Software and Affected Versions: video.js versions prior to 7.14.3 Description: The issue allows bypassing HTML escaping and executing arbitrary code through the src attribute of the track tag. Recommendations: For versions prior to 7.14.3, update to version 7.14.3 or later ...
Input validation
In YzmCMS 5.6, XSS was discovered in member/membercontent/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3...
CVE-2020-23369
CVE-2020-23369 affects YzmCMS 5.6, where a cross-site scripting vulnerability exists in member/member_content/init.html due to using UEditor 1.4.3.3 . The underlying issue is an XSS via the SRC attribute of an IFRAME element, allowing injected scripts. Public records in NVD/CNVD/CNNVD confirm the...
CVE-2020-23369
In YzmCMS 5.6, XSS was discovered in member/membercontent/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3...
CVE-2019-12367
The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12370
The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12368
The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12366
The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12184
CVE-2019-12184 affects BoostIO Boostnote 0.11.15. The vulnerability is an XSS in browser/components/MarkdownPreview.js triggered via a label named flowchart, sequence, gallery, or chart, demonstrated by a crafted SRC attribute of an IFRAME element. The connected Red Hat CVE-2019-12184 entry mirro...
CVE-2019-12136
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...
Cross site scripting
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...
CVE-2019-12136
There is XSS in BoostIO Boostnote 0.11.15 via a label named mermaid, as demonstrated by a crafted SRC attribute of an IFRAME element...
CVE-2019-12136
BoostIO Boostnote 0.11.15 is affected by CVE-2019-12136. The vulnerability is an XSS in the UI when processing a label named mermaid, exploitable via a crafted SRC attribute of an IFRAME element. The issue originates from Boostnote’s rendering path for this label, enabling injection of malicious ...
CVE-2018-18909
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...
CVE-2018-18909
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...
CVE-2018-18909
The CVE-2018-18909 entry applies to xhEditor (version 1.2.2). The underlying issue is a cross-site scripting (XSS) vulnerability: an attacker can inject JavaScript code in the SRC attribute of an IFRAME element within the editor’s source-code view. This is evidenced by multiple connected records ...
CVE-2018-18909
xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view...
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...