321 matches found
Cross site scripting
The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
Cross site scripting
The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
Cross site scripting
The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
Cross site scripting
The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
Cross site scripting
The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
Cross site scripting
The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12370
The provided connected records confirm that CVE-2019-12370 affects the Spark Android app up to version 2.0.2, enabling XSS via an event attribute and arbitrary file loading through a src attribute when READ_EXTERNAL_STORAGE permission is granted. The root cause and exact vulnerable component are ...
CVE-2019-12370
The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12369
CVE-2019-12369 affects the TypeApp Android app (version 1.9.5.35) and allows cross-site scripting via an event attribute and arbitrary file loading via a src attribute when READ_EXTERNAL_STORAGE permission is granted. The root cause is associated with the app handling untrusted data in UI attribu...
CVE-2019-12369
The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12368
The CVE-2019-12368 entry concerns Edison Mail for Android (up to version 1.7.1). The issue is an XSS vulnerability via an event attribute and the ability to load arbitrary files through a src attribute when the app holds READ_EXTERNAL_STORAGE permission. Descriptions across sources consistently i...
CVE-2019-12368
The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12367
CVE-2019-12367 affects the BlueMail Android app (v1.9.5.36). The issue enables XSS via an event attribute and arbitrary file loading via a src attribute when the app has READ_EXTERNAL_STORAGE permission. This is documented in the NVD entry and mirrored in Red Hat and CVE aggregations. No exploit ...
CVE-2019-12367
The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12366
The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
CVE-2019-12366
The vulnerability CVE-2019-12366 affects the Nine Android app up to version 4.5.3a. The issue is an XSS via an event attribute and an arbitrary file loading via a src attribute when the app has READ_EXTERNAL_STORAGE permission. The Red Hat advisory reiterates this description. No concrete exploit...
CVE-2019-12365
The CVE-2019-12365 entry affects the Newton Android app (version up to 10.0.23). It describes two issues: (1) XSS via an event attribute and (2) arbitrary file loading via a src attribute when the app holds READ_EXTERNAL_STORAGE permission. The related Red Hat/NVD entries confirm these descriptio...
CVE-2019-12365
The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READEXTERNALSTORAGE permission...
Foxit PDF Editor DLL Hijacking Vulnerability
Foxit PDF Editor is a PDF file editing software. Foxit PDF Editor has a DLL hijacking vulnerability. An attacker can exploit this vulnerability to load a fake malicious dll file...
Denial Of Service (DoS)
wordpress is vulnerable to denial of service. The vulnerability exists in because an unauthenticated attacker is able to crash the application by submitting a large list of registered .js files to cause each file to be loaded multiple times, leading to excessive resource consumption...