Masatokinugawa

**Name of the Vulnerable Software and Affected Versions** TinyMCE versions prior to 5.10.9 TinyMCE versions prior to 6.7.3 **Description** A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitisation layer when the content is parsed into the editor body, but can trigger XSS when the special internal marker is removed from the content and re-parsed. The vulnerability occurs when serialised HTML content is processed before being stored in the undo stack, or when the following APIs and plugins are used: `tinymce.Editor.getContent({ format: 'raw' })`, `tinymce.Editor.resetContent()`, and the Autosave Plugin. **Recommendations** - Upgrade to TinyMCE 5.10.9 or higher for TinyMCE 5.x. - Upgrade to TinyMCE 6.7.3 or higher for TinyMCE 6.x.

**Name of the Vulnerable Software and Affected Versions** TinyMCE versions prior to 5.10.8 TinyMCE versions prior to 6.7.1 **Description** A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before being stored in the undo stack. If the HTML snippet is restored from the undo stack, the combination of the string manipulation and reparative parsing by either the browser's native DOMParser API (TinyMCE 6) or the SaxParser API (TinyMCE 5) mutates the HTML maliciously, allowing an XSS payload to be executed. This vulnerability also impacts related TinyMCE APIs and plugins, including `tinymce.Editor.getContent({ format: 'raw' })`, `tinymce.Editor.resetContent()`, and the Autosave Plugin. **Recommendations** * Upgrade to TinyMCE 5.10.8 or higher for TinyMCE 5.x. * Upgrade to TinyMCE 6.7.1 or higher for TinyMCE 6.x.

**Nome do software vulnerável e versões afetadas** Versões do Electron anteriores à 11.0.0-beta.1 Versões do Electron anteriores à 10.0.1 Versões do Electron anteriores à 9.3.0 Versões do Electron anteriores à 8.5.1 **Descrição** O evento `will-navigate` pode ser contornado quando um subquadro realiza uma navegação para o quadro superior entre sites. Essa vulnerabilidade pode ser explorada para contornar restrições de navegação. Como solução alternativa, colocar todos os iframes em sandbox usando o atributo `sandbox` pode impedir que eles criem navegações para o quadro superior. **Recomendações** Para versões anteriores à 11.0.0-beta.1, atualize para a versão 11.0.0-beta.1 ou posterior. Para versões anteriores à 10.0.1, atualize para a versão 10.0.1 ou posterior. Para versões anteriores à 9.3.0, atualize para a versão 9.3.0 ou posterior. Para versões anteriores à 8.5.1, atualize para a versão 8.5.1 ou posterior. Como solução alternativa temporária, considere colocar todos os iframes em sandbox usando o atributo `sandbox` para impedir que eles criem navegações no quadro superior.

**Nome do software vulnerável e versões afetadas** Versões do Prism de 1.1.0 a 1.20.0 Versões do plugin Previewers do Prism de 1.10.0 a 1.20.0 Versões do plugin Previewer: Easing do Prism de 1.1.0 a 1.9.0 **Descrição** A visualização de easing do plug-in Previewers apresenta uma vulnerabilidade de Cross-Site Scripting (XSS), permitindo que invasores executem código arbitrário no Safari e no Internet Explorer. Esse problema afeta todos os usuários do Prism que utilizam o Safari e o Internet Explorer e que usam os plug-ins afetados. **Recomendações** Para as versões 1.1.0 a 1.20.0 do Prism, atualize para a versão 1.21.0 para resolver o problema. Para as versões 1.10.0 a 1.20.0 do plugin Prism Previewers , atualize para a versão 1.21.0 para resolver o problema. Para as versões 1.1.0 a 1.9.0 do plug-in Prism Previewer: Easing , atualize para a versão 1.21.0 para resolver o problema. Como solução alternativa temporária, considere desativar a visualização de easing em todos os blocos de código afetados, disponível para o Prism v1.10.0 ou mais recente.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 57.0.2987.98 for Mac, Windows, and Linux Google Chrome version prior to 57.0.2987.108 for Android **Description** The issue is related to insufficient policy enforcement in V8, allowing a remote attacker to spoof the location object via a crafted HTML page. This is related to information disclosure in Blink. **Recommendations** For Google Chrome versions prior to 57.0.2987.98 on Mac, Windows, and Linux, update to version 57.0.2987.98 or later. For Google Chrome version prior to 57.0.2987.108 on Android, update to version 57.0.2987.108 or later.

**Name of the Vulnerable Software and Affected Versions** ZeroClipboard versions prior to 1.3.2 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters, specifically `loaderInfo.parameters`. This enables attackers to perform cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 1.3.2, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `loaderInfo.parameters` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 31.0.1650.48 **Description** The issue involves multiple unspecified vulnerabilities that could allow attackers to execute arbitrary code or have other impacts via unknown vectors. **Recommendations** For versions prior to 31.0.1650.48, update to version 31.0.1650.48 or later to resolve the issue.

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587.