CVE-2024-26283

HIGH Year: 2024
CVSS v3 Score
7.8
High
Weakness Type
CWE-83
View all →

Vulnerability Description

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.

Related Vulnerabilities

CVE-2023-30958

MEDIUM
CVSS:6.1(Medium)

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundr...

CWE-832023

CVE-2023-32070

MEDIUM
CVSS:6.1(Medium)

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attrib...

CWE-832023

CVE-2024-9103

MEDIUM
CVSS:6.1(Medium)

Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5.

CWE-832024

CVE-2023-37908

CRITICAL
CVSS:9.6(Critical)

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, all...

CWE-832023

CVE-2023-37908

CRITICAL
CVSS:9.6(Critical)

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, all...

CWE-832023

CVE-2023-30958

MEDIUM
CVSS:6.1(Medium)

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundr...

CWE-832023