CVE-2015-2727

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...

Adobe Connect 9.3 Cross Site Scripting

Advisory: Adobe Connect Reflected XSS Author: Stas Volfus Bugsec Information Security LTD Vendor URL: http://www.adobe.com/ Status: Vendor Notified ========================== Vulnerability Description ========================== Adobe Connect Central version: 9.3 is vulnerable to Reflected XSS Cro...

WordPress Link Library Plugin <= 5.0.8 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Vulnerable parameter "id". Solution Update the plugin...

WordPress 2 Click Social Media Buttons Plugin <= 0.34 - XSS

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

IBM Websphere Portal - Persistent Cross-Site Scripting

IBM Websphere Portal - Persistent Cross-Site Scripting IBM WebSphere Portal Stored Cross-Site Scripting Vulnerability CVE-2014-0910 + Author: Filippo Roncari + Target: IBM WebSphere Portal + Version: 7.0, 6.1.5, 6.1.0 + Vendor: http://www.ibm.com + Accessibility: Remote + Severity: Medium + CVE:...

Mozilla Firefox-release Security Policy Bypass Vulnerability

Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A security policy bypass vulnerability exists in Mozilla Firefox versions prior to 37.0.1, due to the Reader mode feature in Mozilla Firefox on Android and the desktop Firefox...

Design/Logic Flaw

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...

CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...

CVE-2015-0802

Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of ...

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

Symantec NetBackup OpsCenter Arbitrary Code Execution Vulnerability

Symantec NetBackup OpsCenter is a unified data protection management software from Symantec Symantec. The software allows centralized monitoring and reporting of the operational status of heterogeneous data protection environments through a console. A security vulnerability exists in Symantec...

Cross-Site Scripting (XSS)

CKEditor is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

WordPress Geo Mashup 1.8.2 Cross Site Scripting

Vulnerability title: Wordpress Geo Mashup plugin XSS Author: Paolo Perego CVE: CVE-2015-1383 Affected versions: = 1.8.2 Fixed version: 1.8.3 January, 11 2015 Product link: https://wordpress.org/plugins/geo-mashup/ Description Geo Mashup is a wordpress plugin designed to let you save location...

Design/Logic Flaw

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...

CVE-2014-8636

CVE-2014-8636 affects Mozilla Firefox and SeaMonkey through an information flow bug in the XrayWrapper. The issue arises when interacting with a DOM object that has a named getter, allowing a remote attacker to cause arbitrary JavaScript execution with chrome privileges via unspecified vectors. A...

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...

Ubuntu 12.04 LTS : kde-runtime vulnerability (USN-2414-1)

Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

USN-2414-1: KDE-Runtime vulnerability

Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript...

[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting

Advisory: Endeca Latitude Cross-Site Scripting RedTeam Pentesting discovered a Cross-Site Scripting XSS vulnerability in Endeca Latitude. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users. Details ======= Produc...

CVE-2014-7205

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors...