53 matches found
CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...
Use-After-Free
Firefox is vulnerable to a use-after-free vulnerability. This occurs when editing events in form elements on a page. An attacker could cause a potentially exploitable crash resulting in a denial of service condition...
Malicious Package
stream-combine is a malicious package designed to steal user's data when installed. The code searches all form elements for passwords, credit card numbers and CVC codes, and uploads the information to a remote server using HTML links embedded in the page or form actions...
Malicious Package
Overview: Version 2.0.2 of stream-combine has malicious code designed to steal credentials and credit card information. The code searches all form elements for passwords, credit card numbers and CVC codes. It then uploads the information to a remote server using HTML links embedded in the page or fo...
Select (or other) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-054
This module enables users to select 'other' on certain form elements, and a textfield appears for the user to provide a custom value. The module doesn't sufficiently escape values of a text field under the scenario when the "Select or other" formatter is used. This vulnerability is mitigated by th...
DEBIAN-CVE-2018-5096
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...
CVE-2018-6411
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through apformelements SQL Injection...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2018:0361-1)
This update for MozillaFirefox to version ESR 52.6 fixes several issues. These security issues were fixed : - CVE-2018-5091: Use-after-free with DTMF timers bsc1077291. - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation bsc1077291. - CVE-2018-5096: Use-after-free whi...
Mozilla: Use-after-free while editing form elements (MFSA 2018-03)
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...
UBUNTU-CVE-2018-5096
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...
CVE-2018-5096
A use-after-free vulnerability can occur while editing events in form elements on a page, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 52.6 and Thunderbird 52.6...
CVE-2017-16578
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Access Restriction Bypass
Moodle is susceptible to access restriction bypass. The bypass exists because frozen form elements are not handled properly. Therefore, it allows authenticated users to manipulate them when submitting form data...
Events and disabled form fields
I've been working on the web since I was a small child all the way through to the haggard old man I am today. However, the web still continues to surprise me. Turns out, mouse events don't fire when the pointer is over disabled form elements, except in Firefox. Serious? Serious. Give it a go. Mo...
Microsoft Internet Explorer HTML form Element Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7.x-1.x before 7.x-1.4 for Drupal allow remote attackers to hijack the authentication of administrators for requests that delete a setting for (1) hidden form elements or (2) status messages via unspecifi...
Information Exposure
OWASP Java HTML Sanitizer is vulnerable to Information Exposure. The vulnerability is due to improper handling of crafted FORM elements within a NOSCRIPT tag when JavaScript is disabled, which allows an attacker to obtain sensitive information through user-assisted interaction...
CVE-2013-6664
Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors...