MiracleLinux 9 : libreoffice-7.1.8.1-15.el9_5.ML.1 (AXSA:2025-9830:02)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9830:02 advisory. libreoffice: Macro URL arbitrary script execution CVE-2025-1080 Tenable has extracted the preceding description block directly from the MiracleLinux security...

CVE-2020-24601

In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter searchName", "alias" in the import certificate trusted page...

EUVD-2020-17319

Malware in sbrugna...

EUVD-2020-17318

Malware in sbrugna...

PT-2025-34810 · Unknown · Badaso Cms

Name of the Vulnerable Software and Affected Versions: Badaso CMS version 2.9.11 Description: The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the...

FreeBSD : Mozilla -- 'javascript:' URLs execution (419bcf99-685e-11f0-a12d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 419bcf99-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: Thunderbird executed javascript: URLs when used in object and embed tags...

Mozilla Firefox ESR < 128.13

The version of Firefox ESR installed on the remote Windows host is prior to 128.13. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-58 advisory. - Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140....

RHEL 9 : libreoffice (RHSA-2025:3549)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3549 advisory. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a...

Important: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

Important: Red Hat Security Advisory: libreoffice security update

An update for libreoffice is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

ALSA-2025:2868 Important: libreoffice security update

LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and...

Cross site scripting

jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting XSS vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code...

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-50965)

Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. Ignite Realtime Openfire 4.5.1 suffers from a stored cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary malicious URLs...

Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2020-50966)

Ignite Realtime Openfire is a real-time collaboration RTC server licensed under the open source Apache license. A cross-site scripting vulnerability exists in Ignite Realtime Openfire 4.5.1, which can be exploited by an attacker via the "searchName", "searchValue", " searchDescription",...

CVE-2020-9413

The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrar...

Input validation

In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. No information could be saved on the server or jspwiki database, nor would an attacker be able to execute js on someone else's browser; only on its own browser...

CVE-2017-5458

When a "javascript:" URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox 53...

DSA-3165-1 xdg-utils - security update

Bulletin has no description...

Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : thunderbird vulnerabilities (USN-1510-1)

Benoit Jacob, Jesse Ruderman, Christian Holler, Bill McCloskey, Brian Smith, Gary Kwong, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey discovered memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted page, an attacker could possibly explo...

CVE-2008-0283

PHP remote file inclusion vulnerability in /aides/index.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter...