CVE-2021-32808 Cross-site scripting in ckeditor via abuse of undo functionality

ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing...

Mail.ru: XSS in touch.mail.ru

Browser specific user assisted DOM based XSS in message editor undo functionality via quoted content. Vulnerability did not affected mobile browsers used by majority of touch.mail.ru web interface users...

Microsoft Edge Undo Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...