15 matches found
CVE-2026-2349
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Icons allows Cross-Site Scripting XSS.This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-2349
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Icons allows Cross-Site Scripting XSS.This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-2349 UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Icons allows Cross-Site Scripting XSS.This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-2349 UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal UI Icons allows Cross-Site Scripting XSS.This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-2349
CVE-2026-2349: Drupal UI Icons XSS due to improper input neutralization. Affected: UI Icons module (versions 0.0.0–1.0.1 and 1.1.0–1.1.1). Condition: vulnerability requires the UI Icons for CKEditor 5 submodule to be enabled. Root cause: insufficient sanitization of user input leading to reflecte...
Drupal UI Icons 安全漏洞
Drupal UI Icons is a content management system module provided by the Drupal company that offers interface icon display and management functions. Versions of Drupal UI Icons prior to 1.0.1 and 1.1.1 contained security vulnerabilities, which were caused by improper input handling and could lead to...
@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +108 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)
dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...
PT-2026-7808
This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...
UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
This module enables you to integrate and manage icons with Drupal. The module doesn't sufficiently sanitize user input leading to a reflected Cross-site Scripting XSS vulnerability. The vulnerability is mitigated by the fact that in order to be vulnerable, the "UI Icons for CKEditor 5" submodule...
Malicious code in cosma-ui-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 49388262dd0b3d40b1f426a488f94937d409f2ce2053702f81a099fa8ed3b3c2 The OpenSSF Package Analysis project identified 'cosma-ui-icons' @ 9999.999.3 npm as malicious. It is considered malicious because: - The packag...
Malicious code in deere-ui-icons (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4872d39ec3fd4c04d5d042ba001480f7e3d8cc24fe7f7e8b5951300aa6ddfd3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview deere-ui-icons is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
CVE-2014-1561
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during 1 page, 2 panel, or 3 toolbar customization...
Design/Logic Flaw
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during 1 page, 2 panel, or 3 toolbar customization...
CVE-2014-1561
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during 1 page, 2 panel, or 3 toolbar customization...