18 matches found
EUVD-2016-6158
Malware in sbrugna...
Improper Validation of Syntactic Correctness of Input
Overview: golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the tokenizer in token.go, which incorrectly interprets tags as closing tags, allowing...
CodiMD Security Vulnerabilities
CodiMD is a real-time collaborative note-taking application open-sourced by HackMD. A security vulnerability exists in CodiMD version 2.5.3: HTML tags are rendered without being properly sanitized, which enables an attacker to perform cross-site scripti...
SUSE CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
SUSE CVE-2016-5208
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
SUSE CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page...
CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page...
CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
Design/Logic Flaw
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
CVE-2016-5208
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
CVE-2016-5204
CVE-2016-5204 affects Chromium-based browsers (Blink SVG image handling). The issue is a universal cross-site scripting (UXSS) vulnerability caused by SVG shadow DOM handling that can allow script/HTML injection via crafted pages. Desktop/chromium versions prior to 55.0.2883.75 (desktop) and 55.0.2883.84 (...
CVE-2016-5204
Removed by vendor...
chromium-browser: universal xss in blink
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
chromium-browser: universal xss in blink
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page...
UBUNTU-CVE-2016-5208
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
UBUNTU-CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 143439 High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. 143437 High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. 139814 High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. 135432 High...