4739 matches found
CVE-2016-3015
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...
CVE-2016-3031
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...
CVE-2016-10226
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service bitfield out-of-bounds read and application crash via crafted JavaScript code that is mishandled in the operatorString function, related to...
Type confusion
runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service segmentation violation and application crash via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...
CVE-2016-10226
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service bitfield out-of-bounds read and application crash via crafted JavaScript code that is mishandled in the operatorString function, related to...
Out-of-bounds
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service bitfield out-of-bounds read and application crash via crafted JavaScript code that is mishandled in the operatorString function, related to...
CVE-2016-10226
JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service bitfield out-of-bounds read and application crash via crafted JavaScript code that is mishandled in the operatorString function, related to...
CVE-2017-5949
Removed by vendor...
CVE-2016-10226
Removed by vendor...
macOS : Apple Safari < 10.1 Multiple Vulnerabilities
The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in WebKit when handling certain JavaScript code. An unauthenticated, remote attacker can exploit this to cause ...
CVE-2017-1120
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 2000152...
phplist cross-site scripting vulnerability (CNVD-2017-04340)
phplist is an application written in PHP for news management. A cross-site scripting vulnerability exists in phplist, which can be exploited by an attacker to trigger a cross-site scripting attack by writing arbitrary JavaScript code...
CVE-2017-2661
It was found that pcsd was vulnerable to reflected cross-site scripting XSS attacks while handling node names during creation or import of a cluster. An attacker could use this flaw to run javascript code in an authenticated session...
Stored Cross-Site Scripting (XSS)
Apache Ranger is vulnerable to stored cross-site scripting XSS attacks. When entering custom policy conditions, admin users can store some arbitrary javascript code to be executed when normal users login and access policies...
Cross site scripting
IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : C1000264...
Cross site scripting
IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1999534...
CVE-2017-5928
The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/showbug.cgi?id=1167489c9 protection mechanism in place, which makes it...
Code injection
The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/showbug.cgi?id=1167489c9 protection mechanism in place, which makes it...
CVE-2017-5928
The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/showbug.cgi?id=1167489c9 protection mechanism in place, which makes it...
CVE-2017-5928
CVE-2017-5928 maps to a timing-related vulnerability in the W3C High Resolution Time API. The issue arises because memory-reference times can be measured in ways Cited as a “Time to Tick” approach, which bypasses protection mechanisms (e.g., Mozilla’s 1167489#c9) and facilitates AnC-style attacks...