Lucene search
+L

165 matches found

Amazon
Amazon
added 2021/01/07 12:0 a.m.90 views

Important: thunderbird

Issue Overview: When drawing a transparent image on top of an unknown cross-origin image, the Skia library drawImage function took a variable amount of time depending on the content of the underlying image. This resulted in potential cross-origin information exposure of image content through timi...

9.3CVSS9.1AI score0.0245EPSS
Exploits1
Prion
Prion
added 2020/12/09 1:15 a.m.16 views

Design/Logic Flaw

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

4.3CVSS6.1AI score0.01307EPSS
Exploits0References4Affected Software3
Debian CVE
Debian CVE
added 2020/12/09 12:22 a.m.37 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS7.6AI score0.01307EPSS
Exploits0
Cvelist
Cvelist
added 2020/12/09 12:22 a.m.17 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.7AI score0.01307EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2020/12/09 12:22 a.m.36 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS6.9AI score0.01307EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/12/03 12:0 a.m.36 views

Adobe Experience Manager 6.1 < 6.3.3.7 / 6.4 < 6.4.7.0 / 6.5 < 6.5.3.0 Multiple Vulnerabilities (APSB20-01)

The version of Adobe Experience Manager installed on the remote host is 6.1.x less than 6.3.3.7, 6.4.x less than 6.4.7.0, or 6.5.x less than 6.5.4.0. It is, therefore, affected by multiple vulnerabilities that could lead to sensitive information disclosure, as referenced in the APSB20-01 advisory...

7.5CVSS7.1AI score0.17186EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2020/12/01 3:26 p.m.5 views

Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS7.4AI score0.01307EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/11/30 8:48 a.m.3 views

Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS7.4AI score0.01307EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/11/30 8:41 a.m.3 views

Mozilla: Requests intercepted through ServiceWorkers lacked MIME type restrictions

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS7.4AI score0.01307EPSS
Exploits0References5
OSV
OSV
added 2020/11/25 3:15 a.m.6 views

CVE-2020-29072

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...

6.1CVSS6.3AI score0.007EPSS
Exploits1References2
Prion
Prion
added 2020/11/25 3:15 a.m.20 views

Cross site scripting

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...

4.3CVSS6AI score0.007EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/11/25 2:47 a.m.22 views

CVE-2020-29072

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...

6.1AI score0.007EPSS
Exploits1References2
CVE
CVE
added 2020/11/25 2:47 a.m.78 views

CVE-2020-29072

LiquidFiles versions prior to 3.3.19 have a Cross-Site Script Inclusion vulnerability in client-side code. Exploitation requires user interaction (opening a link) and could lead to leakage of encrypted e-mail content via messages/sent?format=js and popup?format=js. Affected product: LiquidFiles p...

6.1CVSS6AI score0.007EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2020/11/18 1:9 a.m.18 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS1.3AI score0.01307EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/11/17 12:0 a.m.37 views

CVE-2020-26958

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox 83, Firefox ESR 78.5,...

6.1CVSS7AI score0.01307EPSS
Exploits0References6
OSV
OSV
added 2019/10/24 6:15 p.m.2 views

DEBIAN-CVE-2019-12095

Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload...

8.8CVSS7.8AI score0.01115EPSS
Exploits6References1
NVD
NVD
added 2019/03/27 6:29 p.m.19 views

CVE-2018-19644

Reflected cross site script issue in Micro Focus Solutions Business Manager SBM formerly Serena Business Manager SBM versions prior to 11.5...

6.1CVSS5.3AI score0.00512EPSS
Exploits0References1
CVE
CVE
added 2019/03/27 5:7 p.m.52 views

CVE-2018-19644

CVE-2018-19644 affects Micro Focus Solutions Business Manager (SBM, formerly Serena SBM) and SBM versions prior to 11.5. The connected documents describe a reflected cross-site scripting vulnerability that allows a remote attacker to inject arbitrary web script or HTML into SBM’s web context.

6.1CVSS5.9AI score0.00512EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/03/27 5:7 p.m.20 views

CVE-2018-19644 Solutions Business Manager (SBM) reflected cross site script issue in version prior to 11.5

Reflected cross site script issue in Micro Focus Solutions Business Manager SBM formerly Serena Business Manager SBM versions prior to 11.5...

5CVSS6.2AI score0.00512EPSS
Exploits0References1
Veracode
Veracode
added 2019/03/13 12:54 a.m.29 views

Cross-Site Script Inclusion (XSSI)

Jupyter notebook is vulnerable to cross-site script inclusion XSSI. When a user is logged into the Jupyter server and visits an unauthorized website, the web resources from a known URL could be included in a page of that unauthorized website, causing malicious code to be executed in the victim's...

5.4CVSS5.5AI score0.01636EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder