5.1
CVE-2025-9170 - SolidInvoice Tax Rates rates cross site scripting
A vulnerability was identified in SolidInvoice up to 2.4.0. The affected element is an unknown function of the file /tax/rates of the component Tax Rates Module. Such manipulation of the argument Name leads to cross site scripting. The attack can be executed remotely. The exploit is publicly availaβ¦
5.1
CVE-2025-9169 - SolidInvoice Quote quotes cross site scripting
A vulnerability was determined in SolidInvoice up to 2.4.0. Impacted is an unknown function of the file /quotes of the component Quote Module. This manipulation of the argument Name causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed aβ¦
5.1
CVE-2025-9168 - SolidInvoice Invoice Creation invoice cross site scripting
A vulnerability was found in SolidInvoice up to 2.4.0. This issue affects some unknown processing of the file /invoice of the component Invoice Creation Module. The manipulation of the argument Client Name results in cross site scripting. The attack may be launched remotely. The exploit has been maβ¦
6.1
CVE-2025-55033 - Drag and drop gestures in Focus for iOS could allow JavaScript links to be executed incorrectly
Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability was fixed in Focus for iOS 142.
6.1
CVE-2025-55032 - Focus incorrectly ignores Content-Disposition headers for some MIME types
Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142.
7.5
CVE-2025-55029 - Malicious scripts could spam popups for denial of service attacks
Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
9.8
CVE-2025-55031 - Passkey phishing within Bluetooth range
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed iβ¦
6.5
CVE-2025-55028 - JavaScript alerts could impede UI interaction or allow denial of service attacks
Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability was fixed in Firefox for iOS 142.
6.1
CVE-2025-55030 - Content-Disposition headers incorrectly ignored for some MIME types
Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This vulnerability was fixed in Firefox for iOS 142.
9.1
CVE-2025-54145 - Scanning a malicious URL utilizing Firefox's open-text scheme with the QR code scanner could load aβ¦
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141.