332 matches found
CVE-2017-7834
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potentia...
CVE-2016-9078
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without t...
CVE-2018-5136
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox 59...
UBUNTU-CVE-2018-5136
A shared worker created from a "data:" URL in one tab can be shared by another tab with a different origin, bypassing the same-origin policy. This vulnerability affects Firefox 59...
UBUNTU-CVE-2017-7834
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potentia...
Zurmo Cross-Site Scripting Vulnerability
Zurmo is an open source, PHP-based customer relationship management (CRM) system from the US company Zurmo. A cross-site scripting vulnerability exists in Zurmo version 3.2.1.57987acc3018. A remote attacker can exploit this vulnerability by sending a 'redirectUrl' parameter with a data:...
Cross site scripting
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...
CVE-2017-15039
Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...
Infogram: Report Design Critical Stored DOM XSS Vulnerability
Hi Team, Another XSS vulnerability in report designer but this one is critical. Problem Point Report's Overview Table Report Creation Url https://infogram.com/app/edit/e7b161f1-f708-48e5-bab7-de9887ae202a Sample Data Click for Detail Sample URL https://infogram.com/report-classic-1g57pr0g3xdvp01...
UBUNTU-CVE-2017-7814
File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise ...
UBUNTU-CVE-2017-14718
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL...
DEBIAN-CVE-2017-14718
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL...
DEBIAN-CVE-2015-3295
markdown-it before 4.1.0 does not block data: URLs...
UBUNTU-CVE-2017-5466
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...
Cross site scripting
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse...
CVE-2017-7188
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse...
Mozilla: Restricted external resources can be loaded by SVG images through data URLs (MFSA 2016-94, MFSA 2016-95)
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...
Security update for MozillaFirefox (important)
MozillaFirefox is updated to version 50.0.2 which fixes the following issues: Firefox crashed with 3rd party Chinese IME when using IME text (fixed in version 50.0.1). Redirection from an HTTP connection to a data: URL could inherit wrong origin after an HTTP redirect (fixed in version 50.0.1,...