2316 matches found
Mozilla Firefox for iOS 安全漏洞
Mozilla Firefox for iOS is a web browser designed for iOS devices by the US-based Mozilla Foundation. A security vulnerability exists in Mozilla Firefox for iOS, which can be exploited by an attacker to cause the address bar and page content to be out of sync, allowing the attacker to forge...
CVE-2026-1795
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1795
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1795
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1795 Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1795 Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-1795
The CVE-2026-1795 entry concerns the WordPress plugin Address Bar Ads (≤ 1.0.0). The root cause is insufficient input sanitization and output escaping in the URL Path, enabling a Reflected Cross-Site Scripting (XSS) vulnerability. Affected: Address Bar Ads plugin for WordPress (all versions up to...
WordPress plugin Address Bar Ads 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-8076
The Address Bar Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URL Path in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
MiracleLinux 9 : firefox-115.4.0-1.el9.ML.1 (AXSA:2023-6565:41)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6565:41 advisory. Mozilla: Queued up rendering could have allowed websites to clickjack CVE-2023-5721 Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR...
MiracleLinux 9 : firefox-102.11.0-2.el9.ML.1 (AXSA:2023-6024:19)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6024:19 advisory. Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver CVE-2023-32206 Mozilla: Potential...
MiracleLinux 8 : thunderbird-102.11.0-1.el8.ML.1 (AXSA:2023-6153:18)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6153:18 advisory. Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver CVE-2023-32206 Mozilla: Potential...
MiracleLinux 9 : webkit2gtk3-2.46.1-2.el9_4 (AXSA:2024-8945:04)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8945:04 advisory. webkitgtk: webkit2gtk: Use after free may lead to Remote Code Execution CVE-2024-40776 webkitgtk: webkit2gtk: Processing maliciously crafted web...
MiracleLinux 9 : webkit2gtk3-2.46.3-1.el9 (AXSA:2024-9303:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9303:07 advisory. webkitgtk: Visiting a malicious website may lead to address bar spoofing CVE-2024-40866 webkitgtk: A malicious website may exfiltrate data...
MiracleLinux 7 : firefox-102.11.0-2.0.1.el7.AXS7 (AXSA:2023-5464:18)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5464:18 advisory. Mozilla: Browser prompts could have been obscured by popups CVE-2023-32205 Mozilla: Crash in RLBox Expat driver CVE-2023-32206 Mozilla: Potential...
CVE-2021-33594
An address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted a malicious URL, it appears like a legitimate one on the address bar, while the content comes from other domain and presented in a window, covering the original content. A...
CVE-2021-33595
A address bar spoofing vulnerability was discovered in Safe Browser for iOS. Showing the legitimate URL in the address bar while loading the content from other domain. This makes the user believe that the content is served by a legit domain. A remote attacker can leverage this to perform address...
CVE-2021-33593
Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing...
CVE-2019-11699
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox 67...
CVE-2019-11695
A custom cursor defined by scripting on a site can position itself over the addressbar to spoof the actual cursor when it should not be allowed outside of the primary web content area. This could be used by a malicious site to trick users into clicking on permission prompts, doorhanger...