Security
Headlines
HeadlinesLatestCVEs

Tag

#xss

fronsetia 1.1 Cross Site Scripting

fronsetia version 1.1 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#mac#debian#js#intel#auth#firefox
SEH utnserver Pro 20.1.22 Cross Site Scripting

SEH utnservyer Pro version 20.1.22 suffers from multiple persistent cross site scripting vulnerabilities.

Cross-Site Scripting Is 2024's Most Dangerous Software Weakness

MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code.

Apple Urgently Patches Actively Exploited Zero-Days

Though the information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.

Update now! Apple confirms vulnerabilities are already being exploited

Apple has released security updates that look especially important for Intel-based Macs because they are already being exploited in the wild.

GHSA-j4v3-wwwx-5gqv: django Filer Unrestricted Upload of File with Dangerous Type

Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3.

GHSA-vxcv-4xvf-pc22: django CMS Attributes Field Cross-site Scripting

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.This issue affects django CMS Attributes Fields: before 4.0.

GHSA-5jfw-gq64-q45f: HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through

### Impact The HTML Parser in lxml does not properly handle context-switching for special HTML tags such as `<svg>`, `<math>` and `<noscript>`. This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxml_html_clean but may be interpreted differently by web browsers, enabling malicious scripts to bypass the cleaning process. This vulnerability could lead to Cross-Site Scripting (XSS) attacks, compromising the security of users relying on lxml_html_clean in default configuration for sanitizing untrusted HTML content. ### Patches Users employing the HTML cleaner in a security-sensitive context should upgrade to lxml 0.4.0, which addresses this issue. ### Workarounds As a temporary mitigation, users can configure lxml_html_clean with the following settings to prevent the exploitation of this vulnerability: * `remove_tags`: Specify tags to remove - their content is moved to their parents' tags. * `kill_tags`: Spec...

GHSA-m5vv-7jxc-8p6x: Redaxo Core CMS Cross Site Scripting (XSS)

The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges.

Ubuntu Security Notice USN-7113-1

Ubuntu Security Notice 7113-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.