Tag

#xss

Debian Security Advisory 5820-1

Debian Linux Security Advisory 5820-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, spoofing or cross-site scripting.

Packet Storm
#xss #web #linux #debian #firefox

Simple Chat System 1.0 Cross Site Scripting

Simple Chat System version 1.0 suffers from a cross site scripting vulnerability.

Russian FSB Cross Site Scripting

The Russian FSB appears to suffer from a cross site scripting vulnerability. The researchers who discovered it have reported it multiple times to them.

Laravel 11.0 Cross Site Scripting

Laravel version 11.0 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2024-10704-03

Red Hat Security Advisory 2024-10704-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.

Red Hat Security Advisory 2024-10702-03

Red Hat Security Advisory 2024-10702-03 - An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.

Red Hat Security Advisory 2024-10667-03

Red Hat Security Advisory 2024-10667-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass, cross site scripting, and spoofing vulnerabilities.

GHSA-9r9m-ffp6-9x4v: vue-i18n has cross-site scripting vulnerability with prototype pollution

### Vulnerability type

XSS

### Description

vue-i18n can be passed locale messages via `createI18n` or `useI18n`. We can then translate them using `t` and `$t`. vue-i18n has its own syntax for locale messages, and uses a message compiler to generate an AST. To maximize the performance of the translation function, vue-i18n uses bundler plugins such as `@intlify/unplugin-vue-i18n` and the bundler to convert the messages to an AST in advance when building the application. When that AST is used as the locale message, compilation is no longer necessary and translation can be done directly from the AST. The AST generated by the message compiler has special properties on each node of the AST tree to maximize performance. In the PoC example below, it is a `static` property, but that is just one of the optimizations. For details of the special properties, see https://github.com/intlify/vue-i18n/blob/master/packages/message-compiler/src/nodes.ts In general, the locale messages of vue-i18n are optimized during produ...

GHSA-x4x5-jx9j-mmv7: pyspider Cross-site Scripting vulnerability

pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-4gwv-fpmg-cmv2: Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability

Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name. This results in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. Simple Queue Plugin 1.4.5 escapes the view name.