413 matches found
Cross site scripting
A cross-site scripting vulnerability exists in Jenkins 2.145 and earlier, LTS 2.138.1 and earlier in core/src/main/java/hudson/model/Api.java that allows attackers to specify URLs to Jenkins that result in rendering arbitrary attacker-controlled HTML by Jenkins...
CVE-2018-6341
CVE-2018-6341 (React/XSS) : The IBM bulletin confirms a vulnerability in React where rendering HTML via ReactDOMServer fails to escape user-supplied attribute names, enabling cross-site scripting. Affected versions are React 16.0.x through 16.4.x; the issue arises from improper validation/escapin...
Cross-site Scripting (XSS)
jingo is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of proper defaults, allowing all HTML to be rendered in markdown by default, causing XSS attacks...
January 26, 2017—KB 3216755 (OS Build 14393.726)
January 26, 2017—KB 3216755 OS Build 14393.726 Improvements and fixes This release is only available on the Microsoft Update Catalog website This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed a known issu...
Cross-Site Scripting (XSS)
fuelux is vulnerable to cross-site scripting XSS vulnerability. It is possible because it allows the name parameter of DE in the email admin screen to directly render as HTML...
CVE-2016-8634
A vulnerability was found in foreman 1.14.0. When creating an organization or location in Foreman, if the name contains HTML then the second step of the wizard /organizations/id/step2 will render the HTML. This occurs in the alertbox on the page. The result is a stored XSS attack if an...
Reverb.com: XSS in buying and selling pages, can created spoofed content (false login message)
Previously this issue was resolved at another location in report 351376 After spending more time searching the website, I found additional areas where this problem persists: https://sandbox.reverb.com/my/buying/orders?query= https://sandbox.reverb.com/my/selling/listings?query=...
Cross-site Scripting (XSS)
Moodle is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary JavaScript by uploading a zip file through the assignment submission function. This results in text and HTML being rendered during a download all action...
Microsoft Internet Explorer Elevation of Privilege Vulnerability (CVE-2017-0154)
Original link: a Broken Browser Original author: Manuel Caballero Translation: Holic know Chong Yu 404 security lab Today we know from Internet Explorer since the birth there has been function. This feature allows the Web Developer instance of the external object, and therefore be the attacker to...
[SECURITY] Fedora 23 Update: kf5-kdewebkit-5.24.0-1.fc23
KDE Frameworks 5 Tier 3 integration module for the HTML rendering engine We bKit...
[SECURITY] Fedora 24 Update: kf5-kdewebkit-5.24.0-1.fc24
KDE Frameworks 5 Tier 3 integration module for the HTML rendering engine We bKit...
Microsoft Internet Explorer Cmarkup Memory Misreference Vulnerability
Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A memory misreference vulnerability exists in Microsoft Internet Explorer Cmarkup, due to a failure to properly handle CMarkup in...
Metasploit Exploit Module for IE Zero-Day Vulnerability
It’s been 14 days since Microsoft issued an advisory and temporary mitigation for a zero-day vulnerability in Internet Explorer, one being actively exploited in the wild and called by some experts as severe a browser bug as you can have. Yet users have since had little more to shield them from...
Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability
Added: 09/25/2013 CVE: CVE-2013-3893 BID: 62453 OSVDB: 97380 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in...
Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability
Added: 09/25/2013 CVE: CVE-2013-3893 BID: 62453 OSVDB: 97380 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in...
Internet Explorer HTML Rendering Engine onLoseCapture Use-After-Free Vulnerability
Added: 09/25/2013 CVE: CVE-2013-3893 BID: 62453 OSVDB: 97380 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer 6 through 11 contain a use-after-free vulnerability in the SetMouseCapture implementation in...
Microsoft Warns of New IE Zero Day
UPDATE–Microsoft is looking into reports of targeted attacks against a new vulnerability that exists in all supported versions of Internet Explorer. The attacks are targeting IE 8 and 9 and there’s no patch for the vulnerability right now, though Microsoft has developed a FixIt tool for it. “The...
Scientific Linux Security Update : elinks on SL4.x, SL5.x i386/x86_64
CVE-2007-2027 elinks tries to load .po files from a non-absolute path CVE-2008-7224 elinks: entitycache static array buffer overflow off-by-one An off-by-one buffer overflow flaw was discovered in the way ELinks handled its internal cache of string representations for HTML special entities. A...
CVE-2012-2364
Cross-site scripting XSS vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...
Flock 2.6.1 Denial Of Service
Exploit Title: Flock 2.6.1 DoS Date: 29/03/2012 Author: r45c4l Email: [email protected] Product url: http://flock.en.softonic.com/ Version: 2.6.1 CVE : :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: Produ...