4739 matches found
CVE-2016-5201
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page...
CVE-2016-5201
Removed by vendor...
Cross-site Scripting (XSS)
mobiledoc-dom-renderer is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through link values, which are not escaped, allowing malicious users to execute JavaScript code...
LocalTapiola: Reflected XSS and Open Redirect in several parameters (viestinta.lahitapiola.fi)
Basic report information Summary: Hi, The values within the ctx tag are not filtered; they are reflected inside JavaScript code in http://viestinta.lahitapiola.fi/webApp/APP3242, which can be exploited to perform an XSS attack. The parameters are: ctxothersDrivingmagallupcount...
CVE-2016-5740
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. Th...
Open redirect
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed...
CVE-2016-6842
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed...
Mozilla Firefox ESR 45.x < 45.6 Multiple Vulnerabilities (macOS)
The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is 45.x prior to 45.6. It is, therefore, affected by the following vulnerabilities: - Multiple memory corruption issues exist, such as when handling document state changes or HTML5 content, or else due to...
Mozilla Firefox ESR 45.x < 45.6 Multiple Vulnerabilities
The version of Mozilla Firefox ESR installed on the remote Windows host is 45.x prior to 45.6. It is, therefore, affected by the following vulnerabilities: - Multiple memory corruption issues exist, such as when handling document state changes or HTML5 content, or else due to dereferencing alrea...
Cross-site Scripting (XSS)
Grails-core is vulnerable to cross-site scripting (XSS) attacks through the default error handler. The default error handler does not sanitize user-input values when displaying an error, allowing an attacker to inject arbitrary JavaScript code into a victim's browser...
CVE-2016-8506
XSS in Yandex Browser Translator in Yandex Browser for desktop for versions from 15.12 to 16.2 could be used by a remote attacker to evaluate arbitrary JavaScript code...
CVE-2016-8505
XSS in Yandex Browser BookReader in Yandex Browser for desktop for versions before 16.6 could be used by a remote attacker to evaluate arbitrary JavaScript code...
CVE-2016-8506
CVE-2016-8506 affects Yandex Browser for desktop, specifically the Translator component. The vulnerability is a Cross-Site Scripting flaw in Yandex Browser Translator present in versions 15.12 through 16.2, allowing a remote attacker to execute arbitrary JavaScript. No patch/version remediation ...
Pootle Server < 2.7.3 Multiple XSS Vulnerabilities
Pootle server is prone to multiple cross-site scripting (XSS) vulnerabilities.
KMail JS Code Execution Vulnerability
KMail is a mail client for KDE that supports protocols such as IMAP and POP3. A JS code execution vulnerability exists in KMail, which can be exploited by an attacker to execute JS code...
XSS Vulnerability in NetEase Email Master Client PC Version
NetEase Mail Master client is a universal email client launched by NetEase 163. An XSS vulnerability exists in the PC version Ver2.4.1.8 of the NetEase Mail Master client. It allows attackers to insert malicious JS code into the page to obtain user cookies and other information, leading to user...