53 matches found

OSV
added 2020/10/07 4:15 p.m. | 45 views

CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

CVSS 6.1 | AI score 6.4 | EPSS 0.04522
Exploits: 1 | References: 6

Veracode
added 2019/05/16 2:13 a.m. | 21 views

Use-After-Free

Firefox is vulnerable to a use-after-free vulnerability. This occurs when editing events in form elements on a page. An attacker could cause a potentially exploitable crash, resulting in a denial of service condition...

CVSS 9.8 | AI score 8.9 | EPSS 0.02997
Exploits: 0 | References: 13 | Affected Software: 2

Veracode
added 2019/01/29 5:28 a.m. | 9 views

Malicious Package

stream-combine is a malicious package designed to steal user's data when installed. The code searches all form elements for passwords, credit card numbers and CVC codes, and uploads the information to a remote server using HTML links embedded in the page or form actions...

AI score 6.6
Exploits: 0

Node.js
added 2019/01/25 8:19 p.m. | 20 views

Malicious Package

Overview: Version 2.0.2 of stream-combine has malicious code designed to steal credentials and credit card information. The code searches all form elements for passwords, credit card numbers and CVC codes. It then uploads the information to a remote server using HTML links embedded in the page or fo...

AI score 6.7
Exploits: 0 | Affected Software: 1

Drupal
added 2018/07/25 12:0 a.m. | 8 views

Select (or other) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-054

This module enables users to select 'other' on certain form elements, and a textfield appears for the user to provide a custom value. The module doesn't sufficiently escape values of a text field under the scenario when the "Select or other" formatter is used. This vulnerability is mitigated by th...

AI score 6.5
Exploits: 0 | References: 7

OSV
added 2018/06/11 9:29 p.m. | 1 view

DEBIAN-CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

CVSS 9.8 | AI score 9 | EPSS 0.02997
Exploits: 0 | References: 1

OSV
added 2018/05/26 10:29 p.m. | 4 views

CVE-2018-6411

An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...

CVSS 9.8 | AI score 5.8 | EPSS 0.05881
Exploits: 5 | References: 3

Tenable Nessus
added 2018/02/06 12:0 a.m. | 31 views

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:0361-1)

This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5091: Use-after-free with DTMF timers bsc1077291. - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free whi...

CVSS 9.8 | AI score 7.5 | EPSS 0.07262
Exploits: 0 | References: 24

RedHat Linux
added 2018/02/01 11:28 a.m. | 3 views

Mozilla: Use-after-free while editing form elements (MFSA 2018-03)

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

CVSS 9.8 | AI score 7.4 | EPSS 0.02997
Exploits: 0 | References: 5

OSV
added 2018/01/29 12:0 a.m. | 3 views

UBUNTU-CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

CVSS 9.8 | AI score 7.2 | EPSS 0.02997
Exploits: 0 | References: 4

RedHat Linux
added 2018/01/24 10:5 a.m. | 5 views

Mozilla: Use-after-free while editing form elements (MFSA 2018-03)

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

CVSS 9.8 | AI score 7.4 | EPSS 0.02997
Exploits: 0 | References: 5

RedhatCVE
added 2018/01/24 5:21 a.m. | 32 views

CVE-2018-5096

A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...

CVSS 9.8 | AI score 2.7 | EPSS 0.02997
Exploits: 0 | References: 2

OSV
added 2017/12/20 2:29 p.m. | 2 views

CVE-2017-16578

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 | AI score 6.2
Exploits: 0 | References: 2

Veracode
added 2017/06/06 1:40 a.m. | 17 views

Access Restriction Bypass

Moodle is susceptible to access restriction bypass. The bypass exists because frozen form elements are not handled properly. Therefore, it allows authenticated users to manipulate them when submitting form data...

CVSS 4 | AI score 6 | EPSS 0.01135
Exploits: 0 | References: 5 | Affected Software: 1

Jake Archibald's Blog
added 2017/02/17 12:56 p.m. | 17 views

Events and disabled form fields

I've been working on the web since I was a small child all the way through to the haggard old man I am today. However, the web still continues to surprise me. Turns out, mouse events don't fire when the pointer is over disabled form elements, except in Firefox. Serious? Serious. Give it a go. Mo...

AI score 6.8
Exploits: 0

Zero Day Initiative
added 2016/02/09 12:0 a.m. | 29 views

Microsoft Internet Explorer HTML form Element Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVSS 6.8 | AI score 2 | EPSS 0.21834
Exploits: 1 | References: 1

Prion
added 2015/04/21 4:59 p.m. | 9 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecifi...

CVSS 6.8 | AI score 7.8 | EPSS 0.00656
Exploits: 0 | References: 5 | Affected Software: 1

Veracode
added 2014/09/08 1:44 p.m. | 2 views

Information Exposure

OWASP Java HTML Sanitizer is vulnerable to Information Exposure. The vulnerability is due to improper handling of crafted FORM elements within a NOSCRIPT tag when JavaScript is disabled, which allows an attacker to obtain sensitive information through user-assisted interaction...

CVSS 2.6 | AI score 6.3 | EPSS 0.01446
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2014/03/05 5:11 a.m. | 24 views

CVE-2013-6664

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

CVSS 7.5 | AI score 6.9 | EPSS 0.01292
Exploits: 1 | References: 5

UbuntuCve
added 2014/03/05 5:11 a.m. | 22 views

CVE-2013-6664

Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...

CVSS 7.5 | AI score 7.3 | EPSS 0.01292
Exploits: 1 | References: 4