Page 268 of 37488 results (0.063 seconds)

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

A Cross-site Scripting (XSS) vulnerability allows an untrusted note opened in safe mode to execute arbitrary code. • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox https://github.com/laurent22/joplin/security/advisories/GHSA-hjmq-3qh4-g2r8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0

A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. ... As such, the `onload` attribute of pasted images can execute arbitrary code. • https://github.com/laurent22/joplin/security/advisories/GHSA-m59c-9rrj-c399 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.9EPSS: 0%CPEs: 1EXPL: 0

A remote code execution (RCE) vulnerability in affected versions allows clicking on a link in a PDF in an untrusted note to execute arbitrary shell commands. Clicking links in PDFs allows for arbitrary code execution because Joplin desktop: 1. has not disabled top redirection for note viewer iframes, and 2. and has node integration enabled. This is a remote code execution vulnerability that impacts anyone who attaches untrusted PDFs to notes and has the icon enabled. ... Una vulnerabilidad de ejecución remota de código (RCE) en las versiones afectadas permite hacer clic en un enlace en un PDF en una nota que no es de confianza para ejecutar comandos de shell arbitrarios. • https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#sandbox https://github.com/laurent22/joplin/security/advisories/GHSA-g8qx-5vcm-3x59 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.3EPSS: 0%CPEs: 13EXPL: 0

An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://support.eset.com/ca8674 • CWE-269: Improper Privilege Management •

CVSS: 5.3EPSS: 0%CPEs: -EXPL: 0

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Alpine Halo9 devices. ... An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. •