8 matches found
DEBIAN-CVE-2025-69993
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...
CVE-2026-27223
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
python-werkzeug: cookie prefixed with = can shadow unprefixed cookie
A flaw was found in python-werkzeug. Browsers may allow "nameless" cookies like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie for another subdomain. If a Werkzeug application is running next to a...
PT-2023-2612 · Werkzeug +5
Name of the Vulnerable Software and Affected Versions: Werkzeug versions prior to 2.2.3 Description: The issue is related to how Werkzeug handles "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to...
PYSEC-2018-45
An XSS issue was noticed in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to...
OWASP Java Encoder Filter Bypass
Product: OWASP Java Encoder Vulnerability: Mutation Based XSS Bypass Impact: Medium/Limited Authors: Rafay Baloch And Alex Infuhr Company: RHAinfoSEC Website: http://services.rafayhackingarticles.net Status: To be fixed in the next release ========= Description ========= Owasp encoder is an...
CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions
The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure
Opera 7.x/Firefox 1.0/Internet Explorer 6.0 - Information Disclosure source: https://www.securityfocus.com/bid/12723/info Multiple browsers are reported prone to an information disclosure weakness. This issue can allow an attacker to determine information such as the location of files, file names a...