
546 matches found

CNVD
added 2018/08/15 12:0 a.m. | 2 views

Microsoft Edge Spoofing Vulnerability (CNVD-2018-18475)

Microsoft Edge is a Web browser developed by the American company Microsoft. A spoofing vulnerability exists in Microsoft Edge. The vulnerability stems from a failure of the program to properly process HTML content. The vulnerability can be exploited by an attacker to spoof users with t...

CVSS 4.3 | AI score 6 | EPSS 0.0241
Exploits: 0 | References: 1
Microsoft CVE
added 2018/08/14 7:0 a.m. | 18 views

Microsoft Edge Spoofing Vulnerability

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as...

CVSS 5.4 | AI score 1 | EPSS 0.0241
Exploits: 0
NVD
added 2018/07/25 2:29 p.m. | 16 views

CVE-2018-5537

A remote attacker may be able to disrupt services on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 if the TMM virtual server is configured with a HTML or a Rewrite profile. TMM may restart while processing some specially prepared HTML content from the back end...

CVSS 5.3 | AI score 5.2 | EPSS 0.0069
Exploits: 0 | References: 1
Prion
added 2018/07/11 12:29 a.m. | 13 views

Spoofing

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge...

CVSS 5.8 | AI score 6 | EPSS 0.00504
Exploits: 0 | References: 3
Microsoft CVE
added 2018/07/10 7:0 a.m. | 33 views

Microsoft Edge Spoofing Vulnerability

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content. An attacker who successfully exploited this vulnerability could trick a user into believing that the user was on a legitimate website. The specially crafted website could either spoof content or serve as...

CVSS 6.1 | AI score 1 | EPSS 0.00504
Exploits: 0
OSV
added 2018/07/05 10:29 p.m. | 21 views

CVE-2018-13339

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

CVSS 6.1 | AI score 6.3
Exploits: 0 | References: 2
Prion
added 2018/07/05 10:29 p.m. | 19 views

Cross site scripting

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

CVSS 4.3 | AI score 5.4 | EPSS 0.00328
Exploits: 2 | References: 2 | Affected Software: 1
NVD
added 2018/07/05 10:29 p.m. | 20 views

CVE-2018-13339

Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode is used, allows stored XSS, as demonstrated by an onerror attribute of an IMG element, a related issue to CVE-2018-7035...

CVSS 6.1 | AI score 5.5 | EPSS 0.00328
Exploits: 1 | References: 2
CVE
added 2018/07/05 10:0 p.m. | 55 views

CVE-2018-13339

CVE-2018-13339 affects Imperavi Redactor 3 in Angular Redactor 1.1.6 when HTML content mode is used, enabling a stored XSS as demonstrated by an onerror attribute in an IMG element; related to CVE-2018-7035. Several adjacent advisories (OSV/GHSA variants) describe the same XSS class and the root ...

CVSS 6.1 | AI score 5.3 | EPSS 0.00328
Exploits: 1 | References: 2 | Affected Software: 1
CNVD
added 2018/06/29 12:0 a.m. | 2 views

charset denial of service vulnerability

charset is a character set that can be retrieved from header files and HTML content. A denial of service vulnerability exists in charset 1.0.0 and earlier versions. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 7.5 | AI score 7.1 | EPSS 0.00328
Exploits: 1 | References: 1
NVD
added 2018/06/19 9:29 p.m. | 15 views

CVE-2018-12293

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which...

CVSS 8.8 | AI score 8.8 | EPSS 0.38999
Exploits: 4 | References: 8
Prion
added 2018/06/19 9:29 p.m. | 15 views

Integer overflow

The getImageData function in the ImageBufferCairo class in WebCore/platform/graphics/cairo/ImageBufferCairo.cpp in WebKit, as used in WebKitGTK+ prior to version 2.20.3 and WPE WebKit prior to version 2.20.1, is vulnerable to a heap-based buffer overflow triggered by an integer overflow, which...

CVSS 6.8 | AI score 8.6 | EPSS 0.38999
Exploits: 4 | References: 8 | Affected Software: 3
NVD
added 2018/06/11 9:29 p.m. | 16 views

CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVSS 6.5 | AI score 5.9 | EPSS 0.00639
Exploits: 0 | References: 6
Debian CVE
added 2018/06/11 9:0 p.m. | 17 views

CVE-2018-5133

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVSS 6.5 | AI score 7.9 | EPSS 0.00639
Exploits: 0
Kitploit
added 2018/05/04 9:23 p.m. | 700 views

XSS Payload List - Cross Site Scripting Vulnerability Payload List

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user...

AI score 5.4
Exploits: 0 | References: 5
Veracode
added 2018/04/06 3:42 a.m. | 16 views

Cross-Site Scripting (XSS)

gleez/cms is vulnerable to a Cross-site Scripting (XSS) attack. The HTML content in a source editor is not sanitized properly, allowing arbitrary HTML code to be executed when the source editor is rendered...

CVSS 5.4 | AI score 5.4 | EPSS 0.00229
Exploits: 1 | References: 1 | Affected Software: 1
Prion
added 2018/04/05 2:29 p.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

CVSS 3.5 | AI score 5.5 | EPSS 0.00229
Exploits: 1 | References: 1 | Affected Software: 1
OSV
added 2018/04/05 2:29 p.m. | 18 views

CVE-2018-7035

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 1
NVD
added 2018/04/05 2:29 p.m. | 16 views

CVE-2018-7035

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

CVSS 5.4 | AI score 5.6 | EPSS 0.00229
Exploits: 1 | References: 1
Cvelist
added 2018/04/05 2:0 p.m. | 23 views

CVE-2018-7035

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

AI score 5.4 | EPSS 0.00229
Exploits: 1 | References: 1