Lucene search

205 matches found

OSV
added 2020/01/08 10:15 p.m. | 2 views

DEBIAN-CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

CVSS 6.1 | AI score 6.9 | EPSS 0.02423
Exploits: 0 | References: 1
OSV
added 2020/01/08 10:15 p.m. | 0 views

UBUNTU-CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

CVSS 6.1 | AI score 7.3 | EPSS 0.02423
Exploits: 0 | References: 11
AlpineLinux
added 2020/01/08 9:30 p.m. | 55 views

CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

CVSS 6.1 | AI score 7.2 | EPSS 0.02423
Exploits: 0
Veracode
added 2019/12/16 8:52 a.m. | 7 views

Cross-Site Scripting (XSS)

react-autolinker-wrapper is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser as the library does not validate user input and directly renders the user-provided data when calling the invokeLink method, allowing the conversion o...

AI score 4.2
Exploits: 0
OSV
added 2019/09/24 5:15 a.m. | 0 views

UBUNTU-CVE-2019-16728

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari...

CVSS 6.1 | AI score 6.4 | EPSS 0.00962
Exploits: 2 | References: 3
Tenable Nessus
added 2019/09/24 12:0 a.m. | 45 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2436-1)

This update for MozillaFirefox to ESR 60.9 fixes the following issues: Security issues fixed: CVE-2019-11742: Fixed a same-origin policy violation involving SVG filters and canvas to steal cross-origin images. bsc1149303 CVE-2019-11746: Fixed a use-after-free while manipulating video. bsc114929...

CVSS 9.3 | AI score 7 | EPSS 0.0152
Exploits: 3 | References: 26
RedHat Linux
added 2019/09/19 6:33 a.m. | 6 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.00669
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/19 3:45 a.m. | 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.00669
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/16 2:39 p.m. | 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.00669
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/12 10:55 a.m. | 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.00669
Exploits: 0 | References: 5
RedHat Linux
added 2019/09/12 10:16 a.m. | 3 views

Mozilla: XSS by breaking out of title and textarea elements using innerHTML

Some HTML elements, such as title and textarea, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if...

CVSS 6.1 | AI score 7.2 | EPSS 0.00669
Exploits: 0 | References: 5
Veracode
added 2019/09/11 12:6 a.m. | 31 views

Cross-site Scripting (XSS)

Mozilla is vulnerable to cross-site scripting (XSS). It does not handle the parameters provided through title and textarea elements using innerHTML, allowing an attacker to inject arbitrary scripts through it...

CVSS 6.1 | AI score 3.5 | EPSS 0.00669
Exploits: 0 | References: 15 | Affected Software: 5
Tenable Nessus
added 2019/07/11 12:0 a.m. | 49 views

Mozilla Firefox < 68.0

The version of Firefox installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-21 advisory. - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such ...

CVSS 9.8 | AI score 7.8 | EPSS 0.18406
Exploits: 7 | References: 22
Veracode
added 2019/06/27 1:4 p.m. | 10 views

Cross-site Scripting (XSS)

@ionic/core is vulnerable to cross-site scripting (XSS). The attack exists because the unsafe innerHTML function is rendered directly on the alert-message string with the following components: .message, .placeholder, .loadingText, .pullingText, .refershingText...

AI score 6.1
Exploits: 0
OSV
added 2019/05/14 4:1 a.m. | 0 views

GHSA-8V67-X8Q5-3X3G Cross-Site Scripting in simditor

Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript. Recommendation: Upgrade to version 2.3.22 or later...

CVSS 6.1 | AI score 6.6 | EPSS 0.00291
Exploits: 1 | References: 7
Hacker One
added 2018/04/23 11:1 a.m. | 71 views

Ed: DOM XSS in edoverflow.com/tools/respond due to unsafe usage of the innerHTML property.

Hi, There's a DOM XSS vulnerability on edoverflow.com. This cannot be exploited without user interaction, so I had to make a clickjacking PoC to trick the user into triggering the payload her/himself. Reproduction Steps 1. Open the attached HTML document in Firefox. 2. Drag Frog 1 to the other two...

Exploits: 0
NVD
added 2017/12/21 7:29 p.m. | 12 views

CVE-2017-17692

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property...

CVSS 7.5 | AI score 7.5 | EPSS 0.67505
Exploits: 7 | References: 4
OSV
added 2017/12/21 7:29 p.m. | 1 views

CVE-2017-17692

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 4
Cvelist
added 2017/12/21 7:0 p.m. | 16 views

CVE-2017-17692

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property...

AI score 7.5 | EPSS 0.67505
Exploits: 7 | References: 4
Packet Storm
added 2017/12/20 12:0 a.m. | 40 views

Samsung Internet Browser SOP Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...

AI score 7.7 | EPSS 0.67505
Exploits: 7