The vulnerability of the Thunderbird email client, which allows a remote attacker to execute arbitrary JavaScript code

The vulnerability of the Thunderbird email client allows a malicious actor to bypass access policy restrictions and execute arbitrary JavaScript code with privileges of a Chrome user, by using frame relays...

The vulnerability of the Firefox ESR browser allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability of Firefox ESR lies in the improper restriction on the resource:URL. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code with privileges equivalent to those of Chrome, thereby circumventing access control policies. This can be achieved, fo...

The vulnerability of the Firefox ESR browser, which allows a malicious individual to execute arbitrary code

The Mozilla Firefox ESR browser contains a vulnerability related to errors in the implementation of the Web IDL technology. Exploiting this vulnerability allows malicious actors operating remotely to execute arbitrary JavaScript code with Chrome privileges, by using a fragment of IDL to trigger a...

Securimage Cross-Site Scripting Vulnerability

Securimage is an open source free PHP CAPTCHA script for generating complex CAPTCHA images and CAPTCHA code. Securimage suffers from a cross-site scripting vulnerability that could allow an attacker to execute arbitrary JavaScript code in a user's browser...

GitLab: Persistent XSS on public project page

Details A project admin can set up a custom issue tracker integration. This setting misses a check to make sure that it's a real URL and, thus, can use the javascript handler to execute arbitrary Javascript. Browsers use this handler to execute inline Javascript. This can lead to an account take...

Securimage Cross-Scripting Vulnerability

Securimage is an open source PHP CAPTCHA script for generating CAPTCHA images and CAPTCHA code . Securimage suffers from a cross-scripting vulnerability. An attacker exploits the vulnerability to inject arbitrary JavaScript code via a specially crafted URL, resulting in a cross-site scripting XSS...

WordPress Jetpack Plugin <= 3.9.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

Ember.js XSS Vulnerability with User-Supplied JSON

By default, Ember will escape any values in Handlebars templates that use double curlies value. Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer...

Vulnerability in Samsung SecEmailUI

Samsung SecEmailUI is a set of apk for email reader for email client from Samsung South Korea. A security vulnerability exists in Samsung SecEmailUI. The vulnerability can be exploited by an attacker to execute arbitrary JavaScript code by tricking a user into viewing an email with HTML code tags...

Apache Cordova Whitelist Bypass Vulnerability

Cordova is to build native mobile applications with HTML, CSS, JavaScript. A security vulnerability exists in Cordova Android 3.7.2 and earlier versions. Because whitelisting restrictions are not properly applied, an attacker can bypass the whitelist and execute arbitrary Javascript using a...

Accentis Content Resource Management System Cross Site Scripting

Vulnerability type: Stored Cross Site Scripting Vendor: http://www.accentis.com.au/ Product: Accentis Content Resource Management System Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-3425 PROOF OF CONCEPT XSS Accentis Content Resource Management System before October 2015 pat...

CVE-2002-1649

Cross-site scripting XSS vulnerability in readbody.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag...

WordPress iThemes Security Plugin <= 4.6.12 - Stored XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

Arbitrary JavaScript Execution

Overview A vulnerability exists in bassmaster = 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation Update to bassmaster version 1.5.2 or greater. References - Commit b751602 - GitHub Advisory...

PYSEC-2015-25

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types...

Watu PRO Play 1.9.2.1 Cross Site Scripting

Details ================ Software: Watu PRO Play Version: 1.9.2.1 Homepage: http://calendarscripts.info/watupro/modules.htmlplay Advisory report: https://security.dxw.com/advisories/stored-xss-in-watu-pro-play-allows-unauthenticated-attacker-to-do-almost-anything-an-admin-can/ CVE: Awaiting...

Vulnerabilities Identified in Several WordPress Plugins

Researchers have identified a handful of vulnerabilities present in three different plugins used by the content management system WordPress. The issues, most of which are cross-site scripting XSS vulnerabilities, could give some users administrative privileges, warns dxw Security, a British firm...

Google Analytics By Yoast Premium 5.4.4 Cross Site Scripting

Details ================ Software: Google Analytics by Yoast Premium Version: 5.4.4 Homepage: https://yoast.com/wordpress/plugins/google-analytics/ Advisory report: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/ CVE: Awaiting assignment CVSS: 5.5...

CVE-2015-5379: Axigen XSS vulnerability for html attachments

CVEID: CVE-2015-5379 SUBJECT: Axigen XSS vulnerability for html attachments DESCRIPTION: Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expo...

NetCracker Resource Management 8.0 - XSS Vulnerability

Vulnerability type: Cross-site Scripting Vendor: http://www.netcracker.com/ Product: NetCracker Resource Management System Affected version: = 8.0 Patched version: 8.2 Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-2207 PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerabili...