CVE-2020-37103

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files with XHTML namespace scripts to execute arbitrary JavaScript in users' browsers, potentially...

Composr Cross-Site Scripting Vulnerability

Composr is an open source content management system CMS with advanced social, interactive and dynamic features. A cross-site scripting vulnerability exists in Composr version 10.0.36. The vulnerability can be exploited to conduct cross-site scripting attacks via XML scripts...

Debian Security Advisory DSA 779-2 (mozilla-firefox)

The remote host is missing an update to mozilla-firefox announced via advisory DSA 779-2. We experienced that the update for Mozilla Firefox from DSA 779-1 unfortunately was a regression in several cases. Since the usual praxis of backporting apparently does not work, this update is basically...

acroread -- XML External Entity vulnerability

Sverre H. Huseby discovered a vulnerability in Adobe Acrobat and Adobe Reader. Under certain circumstances, using XML scripts it is possible to discover the existence of local files...