53 matches found
CVE-2026-44496 Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who...
Astra Linux - уязвимость в firefox
An attacker with temporary script access to a website could have set a cookie containing invalid characters using document.cookie, which could lead to unknown errors. This vulnerability affects Firefox versions earlier than 119...
SUSE CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 119. An attacker could use the vulnerability to set a cookie containing invalid characters using "document.cookie"...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
The vulnerability of Mozilla Firefox, Firefox ESR, and the email client Thunderbird lies in state management errors caused by excessive amounts of cookies in the document.cookie file. This allows attackers to influence the integrity of the protected information.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to state management errors caused by excessive amounts of cookies in the document.cookie file. Exploiting these vulnerabilities can allow an attacker to influence the integrity of protected informati...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
SUSE CVE-2011-2605
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...
U.S. Dept Of Defense: Stored XSS at https://█████
Description: In registeration page https://████ , first name and last name field are vulnerable to Stored Cross Site Scripting. Proof of concept For the fastly test, use this credentials to login my test account email: █████████ password: ██████ After login , alert document.cookie will triggered...
WordPress Cookie Law Bar 1.2.1 Plugin - (clb_bar_msg) Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Cookie Law Bar 1.2.1 - 'clbbarmsg' Stored Cross-Site Scripting XSS Exploit Author: Mesut Cetin Vendor Homepage: https://www.cookielawinfo.com/wordpress-plugin/ Software Link: https://wordpress.org/plugins/cookie-law-bar/ Version: 1.2.1 Tested on: Ubuntu 16.04 LTS,...
DotCMS 20.11 Cross Site Scripting
Exploit Title: DotCMS 20.11 - Stored Cross-Site Scripting Exploit Author: Hardik Solanki Vendor Homepage: https://dotcms.com/ Version: 20.11 Tested on Windows 10 Vulnerable Parameters: Template Title Steps to reproduce: 1. Login With Admin Username and password. 2. Navigate to Site -- Template --...
Online Clothing Store 1.0 Cross Site Scripting
Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
Online Clothing Store 1.0 - Persistent Cross-Site Scripting
Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
ModSecurity 3.0.0 Cross Site Scripting
Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewall Exploit Author: Adipta Basu Tested on: Mac OS High Sierra CVE: N/A Description: ModSecurity 3.0.0 has XSS via an onError...
ModSecurity 3.0.0 - Cross-Site Scripting Vulnerability
Exploit for linux platform in category web applications Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewall Exploit Author: Adipta Basu Tested on: Mac OS High Sierra CVE: N/A Description:...
Private Message PHP Script 2.0 Cross Site Scripting
Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1 Version: 2.0 Tested on: Windows Description : Private Message PHP Script...