
819 matches found

NVD
added 2019/09/16 1:15 p.m., 7 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00154
Exploits: 5, References: 1

Prion
added 2019/09/16 1:15 p.m., 12 views

Cross site scripting

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVSS: 4.3, AI score: 6.1, EPSS: 0.00154
Exploits: 5, References: 1, Affected Software: 1

UbuntuCve
added 2019/09/16 1:15 p.m., 16 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

CVSS: 6.1, AI score: 6.3, EPSS: 0.00154
Exploits: 5, References: 2

Cvelist
added 2019/09/16 12:2 p.m., 12 views

CVE-2019-16197

In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS...

AI score: 6.1, EPSS: 0.00154
Exploits: 5, References: 1

Veracode
added 2019/01/15 8:53 a.m., 25 views

Remote Code Execution (RCE)

Firefox is vulnerable to remote code execution (RCE) attacks. The vulnerability exists due to a use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird befor...

CVSS: 9.3, AI score: 7.6, EPSS: 0.13449
Exploits: 0, References: 15, Affected Software: 3

Atlassian
added 2018/12/17 2:9 p.m., 144 views

Unauthenticated listing of labels

Issue the following HTTP request:

POST /rest/tinymce/1/macro/preview HTTP/1.1
Host: wiki.domain.com
Content-Length: 75
Content-Type: application/json

{"contentId":"0","macro":{"name":"listlabels","params":{"spaceKey":"TEST"}}}

The service returns an HTML document containing a list of all labe...

AI score: 0.9
Exploits: 0, Affected Software: 1

ArchLinux
added 2018/11/06 12:0 a.m., 33 views

[ASA-201811-10] thunderbird: arbitrary code execution

Arch Linux Security Advisory ASA-201811-10
==========================================
Severity: Critical
Date    : 2018-11-06
CVE-ID  : CVE-2018-12389 CVE-2018-12390 CVE-2018-12392
Package : thunderbird
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-803
Summary...

CVSS: 9.8, AI score: 1, EPSS: 0.04967
Exploits: 0, References: 11

NVD
added 2018/08/01 6:29 a.m., 12 views

CVE-2018-14776

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00294
Exploits: 0, References: 2

Prion
added 2018/08/01 6:29 a.m., 13 views

Hardcoded credentials

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...

CVSS: 3.5, AI score: 5.1, EPSS: 0.00294
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2018/08/01 6:0 a.m., 8 views

CVE-2018-14776

Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document...

AI score: 5.2, EPSS: 0.00294
Exploits: 0, References: 2

CVE
added 2018/08/01 6:0 a.m., 38 views

CVE-2018-14776

CVE-2018-14776 affects Click Studios Passwordstate (web-based password manager) prior to version 8.3 Build 8397. The vulnerability is an authenticated-user cross-site scripting (XSS) flaw triggered by uploading an HTML document, enabling injection of arbitrary script when viewed by other authenti...

CVSS: 5.4, AI score: 5.1, EPSS: 0.00294
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2018/04/18 12:29 a.m., 1 views

CVE-2018-10193

LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...

CVSS: 7.5, AI score: 5.8
Exploits: 0, References: 3

NVD
added 2018/04/18 12:29 a.m., 20 views

CVE-2018-10193

LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01482
Exploits: 1, References: 3

Prion
added 2018/04/18 12:29 a.m., 13 views

Hardcoded credentials

LogMeIn LastPass through 4.15.0 allows remote attackers to cause a denial of service browser hang via an HTML document because the resource consumption of onloadwff.js grows with the number of INPUT elements...

CVSS: 5, AI score: 7.4, EPSS: 0.01482
Exploits: 1, References: 3, Affected Software: 1

AlpineLinux
added 2018/01/28 2:0 a.m., 40 views

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

CVSS: 8.8, AI score: 8.7, EPSS: 0.01075
Exploits: 1

Check Point Advisories
added 2017/11/14 12:0 a.m., 2 views

Adobe Acrobat and Reader Out-of-bounds Read (APSB17-36: CVE-2017-16394)

An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to computation that reads data that is past the end of the target buffer. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted HTML document...

CVSS: 9.3, AI score: 2.5, EPSS: 0.08675
Exploits: 0

Hacker One
added 2017/11/08 9:0 p.m., 8 views

Zomato: User Profiles Leak PII in HTML Document for Mobile Browser User Agents

@chriszielinski found that user personal information was leaking when you make a request using mobile user agent...

AI score: 6.7
Exploits: 0

Packet Storm
added 2017/08/04 12:0 a.m., 200 views

Axis 2100 Network Camera 2.43 Cross Site Scripting

+ Title: Axis 2100 Network Camera 2.43 - Reflected XSS
+ Credits / Discovery: Nassim Asrir
+ Author Contact: [email protected]
+ Author Company: Henceforth
+ CVE: CVE-2017-12413

Vendor:
===============
https://www.axis.com/

Vulnerability Type:
===================
Reflected Cross Site Scripting...

EPSS: 0.00319
Exploits: 3

NVD
added 2017/07/17 1:18 p.m., 9 views

CVE-2017-1000023

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document...

CVSS: 5.4, AI score: 5.3, EPSS: 0.0018
Exploits: 1, References: 1

Prion
added 2017/07/17 1:18 p.m., 13 views

Hardcoded credentials

LogicalDoc Community Edition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document...

CVSS: 3.5, AI score: 5.2, EPSS: 0.0018
Exploits: 1, References: 1, Affected Software: 1