Tablacus Explorer vulnerable to script injection

Overview Tablacus Explorer is a tabbled file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Unauthenticated XSS (Cross Site Scripting) in FortiMail

An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

OneThird CMS vulnerable to cross-site scripting

Overview OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability CWE-79 due to an issue in processing the language selection screen. Note that this vulnerability is different from JVN13003724. Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this...

Hardcoded credentials

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML pag...

Hardcoded credentials

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2017-5006

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML pag...

dotCMS cross-site scripting vulnerability (CNVD-2017-01338)

dotCMS is a content management system CMS from the US company DotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A cross-site scripting vulnerability exists in dotCMS version 3.7.0. An attacker can exploit this vulnerability to...

CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML pag...

Hardcoded credentials

Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2016-5208

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2016-5204

Removed by vendor...

CVE-2016-3408

Cross-site scripting XSS vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813...

CVE-2016-7282

Cross-site scripting XSS vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."...

CVE-2016-5181

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages...

Design/Logic Flaw

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages...

Input validation

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages, as demonstrated by an interpretation confli...

CVE-2016-5208

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2016-2955

Cross-site scripting XSS vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-5955

Cross-site scripting XSS vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...