Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0794 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-18 | N/A | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2022-38266 | 3 Debian, Leptonica, Tesseract Project | 3 Debian Linux, Leptonica, Tesseract | 2023-12-18 | N/A | 6.5 MEDIUM |
| An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. | |||||
| CVE-2018-7442 | 1 Leptonica | 1 Leptonica | 2023-12-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function does not block '/' characters in the gplot rootname argument, potentially leading to path traversal and arbitrary file overwrite. | |||||
| CVE-2018-7441 | 1 Leptonica | 1 Leptonica | 2023-12-18 | 4.4 MEDIUM | 7.0 HIGH |
| Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might allow local users to overwrite arbitrary files or have unspecified other impact by creating files in advance or winning a race condition, as demonstrated by /tmp/junk_split_image.ps in prog/splitimage2pdf.c. | |||||
| CVE-2018-7440 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2023-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. | |||||
| CVE-2017-18196 | 1 Leptonica | 1 Leptonica | 2023-12-18 | 2.1 LOW | 3.3 LOW |
| Leptonica 1.74.4 constructs unintended pathnames (containing duplicated path components) when operating on files in /tmp subdirectories, which might allow local users to bypass intended file restrictions by leveraging access to a directory located deeper within the /tmp directory tree, as demonstrated by /tmp/ANY/PATH/ANY/PATH/input.tif. | |||||
| CVE-2018-7247 | 1 Leptonica | 1 Leptonica | 2023-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in Leptonica before 1.75.3. Unsanitized input (rootname) can overflow a buffer, leading potentially to arbitrary code execution or possibly unspecified other impact. | |||||
| CVE-2018-7186 | 2 Debian, Leptonica | 2 Debian Linux, Leptonica | 2023-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| Leptonica before 1.75.3 does not limit the number of characters in a %s format argument to fscanf or sscanf, which allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a long string, as demonstrated by the gplotRead and ptaReadStream functions. | |||||
| CVE-2023-44301 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2023-12-18 | N/A | 5.4 MEDIUM |
| Dell DM5500 5.14.0.0 and prior contain a Reflected Cross-Site Scripting Vulnerability. A network attacker with low privileges could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2023-44306 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2023-12-18 | N/A | 6.5 MEDIUM |
| Dell DM5500 contains a path traversal vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability to overwrite configuration files stored on the server filesystem. | |||||
| CVE-2023-44305 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2023-12-18 | N/A | 9.8 CRITICAL |
| Dell DM5500 5.14.0.0, contains a Stack-based Buffer Overflow Vulnerability in the appliance. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. | |||||
| CVE-2023-44304 | 1 Dell | 2 Dm5500, Dm5500 Firmware | 2023-12-18 | N/A | 8.8 HIGH |
| Dell DM5500 contains a privilege escalation vulnerability in the appliance. A remote attacker with low privileges could potentially exploit this vulnerability to escape the restricted shell and gain root access to the appliance. | |||||
| CVE-2023-44300 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2023-12-18 | N/A | 5.5 MEDIUM |
| Dell DM5500 5.14.0.0, contain a Plain-text Password Storage Vulnerability in the appliance. A local attacker with privileges could potentially exploit this vulnerability, leading to the disclosure of certain service credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | |||||
| CVE-2023-44291 | 1 Dell | 2 Powerprotect Data Manager Dm5500, Powerprotect Data Manager Dm5500 Firmware | 2023-12-18 | N/A | 7.2 HIGH |
| Dell DM5500 5.14.0.0 contains an OS command injection vulnerability in the appliance. A remote attacker with high privileges could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | |||||
| CVE-2020-22524 | 1 Freeimage Project | 1 Freeimage | 2023-12-18 | N/A | 6.5 MEDIUM |
| Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file. | |||||
| CVE-2020-21428 | 1 Freeimage Project | 1 Freeimage | 2023-12-18 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | |||||
| CVE-2020-21427 | 1 Freeimage Project | 1 Freeimage | 2023-12-18 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | |||||
| CVE-2023-42890 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2023-12-18 | N/A | 8.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. | |||||
| CVE-2023-46246 | 1 Vim | 1 Vim | 2023-12-17 | N/A | 5.5 MEDIUM |
| Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. | |||||
| CVE-2023-45853 | 1 Zlib | 1 Zlib | 2023-12-16 | N/A | 9.8 CRITICAL |
| MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. | |||||
| CVE-2023-23583 | 3 Debian, Intel, Netapp | 443 Debian Linux, Core I3-1005g1, Core I3-1005g1 Firmware and 440 more | 2023-12-16 | N/A | 7.8 HIGH |
| Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | |||||
| CVE-2023-6611 | 1 Tongda2000 | 2 Tongda Oa, Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6608 | 1 Tongda2000 | 2 Tongda Oa, Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6607 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6276 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/ct/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-246105 was assigned to this vulnerability. | |||||
| CVE-2023-6084 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6054 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6053 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244874 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-6052 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is an unknown function of the file general/system/censor_words/module/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244872. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5783 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5782 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5781 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5780 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5682 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5298 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5285 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 7.5 HIGH |
| A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability. | |||||
| CVE-2023-5267 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880. | |||||
| CVE-2023-5265 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5261 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-5030 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 8.8 HIGH |
| A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872. | |||||
| CVE-2023-5026 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239868. | |||||
| CVE-2023-5023 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 8.8 HIGH |
| A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864. | |||||
| CVE-2023-5019 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-239860. | |||||
| CVE-2023-4166 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-4165 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2738 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-24206 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in /mobile_seal/get_seal.php via the DEVICE_LIST parameter. | |||||
| CVE-2022-23902 | 1 Tongda2000 | 1 Tongda Office Anywhere | 2023-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Tongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter. | |||||
| CVE-2023-31813 | 2023-12-16 | N/A | N/A | ||
| Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2804. Reason: This record is a duplicate of CVE-2023-2804. Notes: All CVE users should reference CVE-2023-2804 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage. | |||||
| CVE-2023-6707 | 1 Google | 1 Chrome | 2023-12-16 | N/A | 8.8 HIGH |
| Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |||||