Lucene search
4739 matches found

Prion
added 2017/12/27 5:8 p.m. | 15 views

Design/Logic Flaw

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

CVSS 4.3 | AI score 6.3 | EPSS 0.00773
Exploits: 2 | References: 1 | Affected Software: 1

NVD
added 2017/12/21 7:29 p.m. | 12 views

CVE-2017-17692

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property...

CVSS 7.5 | AI score 7.5 | EPSS 0.67505
Exploits: 7 | References: 4

Cvelist
added 2017/12/21 7:0 p.m. | 16 views

CVE-2017-17692

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property...

AI score 7.5 | EPSS 0.67505
Exploits: 7 | References: 4

ArchLinux
added 2017/12/16 12:0 a.m. | 39 views

[ASA-201712-8] chromium: cross-site scripting

Arch Linux Security Advisory ASA-201712-8. Severity: High; Date: 2017-12-16; CVE-ID: CVE-2017-15429; Package: chromium; Type: cross-site scripting; Remote: Yes; Link: https://security.archlinux.org/AVG-546. Summary: The package chromium before versio...

CVSS 6.1 | AI score 0.7 | EPSS 0.00728
Exploits: 0 | References: 4

NVD
added 2017/12/13 6:29 p.m. | 12 views

CVE-2017-1546

IBM DOORS Next Generation DNG/RRC 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVSS 5.4 | AI score 5.2 | EPSS 0.0025
Exploits: 0 | References: 3

NVD
added 2017/12/11 9:29 p.m. | 13 views

CVE-2017-1683

IBM Connections Engagement Center 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 134005...

CVSS 5.4 | AI score 5.2 | EPSS 0.0025
Exploits: 0 | References: 3

Cvelist
added 2017/12/11 9:0 p.m. | 18 views

CVE-2017-1549

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289...

AI score 5.2 | EPSS 0.00292
Exploits: 0 | References: 3

NVD
added 2017/12/07 3:29 p.m. | 11 views

CVE-2017-1498

IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020...

CVSS 5.4 | AI score 5.2 | EPSS 0.0025
Exploits: 0 | References: 3

Veracode
added 2017/12/01 7:13 a.m. | 8 views

Cross-Site Scripting (XSS)

sentry is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to the usage of a blacklist approach instead of a whitelist approach. It is possible for an adversary to create links which can cause JavaScript code to be executed...

AI score 6.2
Exploits: 0

Veracode
added 2017/11/28 4:56 a.m. | 13 views

Arbitrary Code Execution

mathjs is vulnerable to arbitrary code execution attacks. The attacks are possible because it uses the unsafe method typed-function, which allows the creation of a typed function with JavaScript code in the name...

CVSS 9.8 | AI score 9.4 | EPSS 0.01044
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/11/27 9:29 p.m. | 0 views

CVE-2017-1678

IBM DOORS Next Generation DNG/RRC 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVSS 5.4 | AI score 5.4
Exploits: 0 | References: 3

NVD
added 2017/11/22 7:29 p.m. | 10 views

CVE-2017-8153

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

CVSS 7.1 | AI score 6.9 | EPSS 0.00085
Exploits: 0 | References: 1

Prion
added 2017/11/22 7:29 p.m. | 11 views

Privilege escalation

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

CVSS 5.8 | AI score 6.8 | EPSS 0.00085
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/11/22 7:0 p.m. | 16 views

CVE-2017-8153

Huawei VMall for Android with the versions before 1.5.8.5 have a privilege elevation vulnerability due to improper design. An attacker can trick users into installing a malicious app which can send out HTTP requests and execute JavaScript code in web pages without obtaining the Internet access...

AI score 6.9 | EPSS 0.00085
Exploits: 0 | References: 1

0day.today
added 2017/11/22 12:0 a.m. | 106 views

MyTy 5.1.7 Cross Site Scripting Vulnerability

MyTy versions 5.0.4 through 5.1.7 suffer from a cross site scripting vulnerability. Product: MyTy; Vendor: Finlane GmbH; CSNC ID: CSNC-2017-030; CVE ID: -; Subject: Reflected Cross-Site Scripting (XSS); Risk: High; Effect: Remotely exploitable; Author: Nicolas Heiniger; Date: 21.11.2017; Introduction:...

AI score 6.7
Exploits: 0

Packet Storm
added 2017/11/22 12:0 a.m. | 69 views

WordPress Yoast SEO Cross Site Scripting

Discoverer: Elias Dimopoulos; LinkedIn: https://gr.linkedin.com/in/dimopouloselias; Vulnerability: Reflected XSS; Affected plugin: Yoast SEO plugin alertwindow.location!-- The victim has to have a valid profile under http://victim/wp-admin/admin.php?page=wpseosearchconsole&tab=settings example:...

AI score 5.2 | EPSS 0.00186
Exploits: 3

NVD
added 2017/11/17 2:29 a.m. | 9 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

CVSS 6.1 | AI score 6.5 | EPSS 0.00396
Exploits: 0 | References: 1

CVE
added 2017/11/17 2:0 a.m. | 53 views

CVE-2017-1000193

October CMS 412 is reported to be vulnerable to a stored XSS (WCI) via the brand logo image name, allowing injected JavaScript to execute in the victim’s browser. The root cause, as described in the connected materials, is a stored XSS flaw in the brand logo handling. The documents do not specify...

CVSS 6.1 | AI score 6.4 | EPSS 0.00396
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/11/03 6:29 p.m. | 13 views

Cross site scripting

Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title...

CVSS 3.5 | AI score 5.4 | EPSS 0.00191
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2017/11/01 9:29 p.m. | 16 views

Cross site scripting

IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

CVSS 3.5 | AI score 5.2 | EPSS 0.00269
Exploits: 0 | References: 3 | Affected Software: 1