Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2024/12/24 6:30 a.m.9 views

Koji Cross-site Scripting

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code...

5.4CVSS5.9AI score0.0029EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/12/24 6:30 a.m.5 views

GHSA-G2VG-8HFG-79VJ Koji Cross-site Scripting

A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code...

5.4CVSS5.1AI score0.0029EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2020/03/20 12:0 a.m.3 views

PT-2020-9397 · Unknown · Rainloop Webmail

Name of the Vulnerable Software and Affected Versions: RainLoop Webmail versions prior to 1.13.0 Description: The issue lacks XSS protection mechanisms, including xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header. Recommendations: For versions prior to...

6.1CVSS5.5AI score0.01051EPSS
Exploits1References15
OpenVAS
OpenVAS
added 2011/05/12 12:0 a.m.55 views

Debian: Security Advisory (DSA-2195-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS8.4AI score0.13333EPSS
Exploits10References3
Cvelist
Cvelist
added 2009/08/11 10:0 a.m.28 views

CVE-2009-2705

CA SiteMinder allows remote attackers to bypass cross-site scripting XSS protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters...

5.8AI score0.04359EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.27 views

Ubuntu: Security Advisory (USN-398-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.7AI score0.08604EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/03/23 12:0 a.m.32 views

Ubuntu Update for mozilla-thunderbird vulnerabilities USN-400-1

Ubuntu Update for Linux kernel vulnerabilities USN-400-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4001.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mozilla-thunderbird vulnerabilities USN-400-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

7.1CVSS0.8AI score0.04292EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.37 views

Ubuntu 5.10 / 6.06 LTS / 6.10 : mozilla-thunderbird vulnerabilities (USN-400-1)

Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. CVE-2006-6506 Various flaws have been...

9.3CVSS8.7AI score0.08604EPSS
Exploits1References12
Ubuntu
Ubuntu
added 2007/01/05 2:40 a.m.59 views

USN-400-1: Thunderbird vulnerabilities

Georgi Guninski and David Bienvenu discovered that long Content-Type and RFC2047-encoded headers we vulnerable to heap overflows. By tricking the user into opening a specially crafted email, an attacker could execute arbitrary code with user privileges. CVE-2006-6506 Various flaws have been...

7.1CVSS8.6AI score0.04292EPSS
Exploits0
Rows per page
Query Builder