11 matches found
CVE-2023-53890
CVE-2023-53890 is associated with Perch CMS 3.2 and involves a stored cross-site scripting vulnerability where authenticated users can upload SVG files containing embedded JavaScript. The underlying issue is that crafted SVGs with script tags can execute when viewed, enabling client-side attacks ...
EUVD-2024-3092
Malicious code in bioql PyPI...
EUVD-2024-0159
Malicious code in bioql PyPI...
CVE-2022-24833
PrivateBin is a minimalist, open source online pastebin clone where the server has zero knowledge of pasted data. In PrivateBin v1.4.0 a cross-site scripting (XSS) vulnerability was found. The vulnerability is present in all versions from v0.21 of the project, which was at the time still called...
Allow SVG < 1.2.0 - Author+ Stored XSS via SVG
Description: The plugin does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Upload an SVG with the following code: alert"xss"; Access the uploaded file directly to see the XSS...
SUSE-SU-2023:0811-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana: - CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 bsc1208065 - CVE-2022-41723: Require Go 1.19 or newer bsc1208293 - Update to version 8.5.20: CVE-2022-23552: Security: SVG: Add dompurify preprocess...
Updated lilypond package fixes a security vulnerability
It was discovered that Lilypond, a program for typesetting sheet music, did not restrict the inclusion of Postscript and SVG commands when operating in safe mode, which could result in the execution of arbitrary code when rendering a typesheet file with embedded Postscript code. CVE-2020-17353...
Topcoder: SVG file upload leads to XML injection
Summary: Upload Avatar option allows the user to upload image/ . Thus enabling the upload of many file formats including SVG files (MIME type: image/svg+xml). SVG files are XML based graphics files in 2D images. Thus, this opens up an attack vector to upload specially crafted malicious SVG files. Th...
Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95)
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
Apple TV < 7.0.3 Multiple Vulnerabilities
According to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities: - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution...
RedHat Update for librsvg2 RHSA-2011:1289-01
The remote host is missing an update for the...