Cross-site Scripting (XSS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering of attributes using spread syntax from untrusted data, which includes event handler properties in the HTML output. An attacker...

Astra Linux - уязвимость в thunderbird

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird...

EUVD-1999-0790

Malware in sbrugna...

Mozilla Multiple Products Remote Code Execution Vulnerability

Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of...

Mozilla: JavaScript unexpectedly enabled for the composition area

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird...

Mozilla: JavaScript unexpectedly enabled for the composition area

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird...

LiveLike - Dangerous filesystem permissions, External URLs, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application LiveLike published at the 'play' market has multiple vulnerabilities...

KEOS Esenyurt - Suspicious files, WebView JavaScript enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application KEOS Esenyurt published at the 'play' market has multiple vulnerabilities...

VM Manager - Unsafe deleting, WebView JavaScript enabled, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that application VM Manager published at the 'play' market has multiple vulnerabilities...

CVE-2016-7967

KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled...

Университет ИТМО - External URLs, Unsafe deleting, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application Университет ИТМО published at the 'play' market has multiple vulnerabilities...

M-Drill - Suspicious files, WebView JavaScript enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application M-Drill published at the 'play' market has multiple vulnerabilities...

Jump Steeve minecraft style - External URLs, Unsafe deleting, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application Jump Steeve minecraft style published at the 'play' market has multiple vulnerabilities...

BheemandGaneshaActionComic - External URLs, WebView JavaScript enabled, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that application BheemandGaneshaActionComic published at the 'play' market has multiple vulnerabilities...

Jewels 2 FREE - External URLs, Unsafe deleting, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application Jewels 2 FREE published at the 'play' market has multiple vulnerabilities...

DigiBirds™ Magic Tunes & Games - Native code usage, WebView JavaScript enabled, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that application DigiBirds™ Magic Tunes & Games published at the 'play' market has multiple vulnerabilities...

Lets get WASTED! Drinking Game - External URLs, Unsafe deleting, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application Lets get WASTED! Drinking Game published at the 'play' market has multiple vulnerabilities...

Wind Free - External URLs, WebView JavaScript enabled, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Wind Free published at the 'play' market has multiple vulnerabilities...

SeatGuru: Maps+Flights+Tracker - External URLs, WebView JavaScript enabled, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that application SeatGuru: Maps+Flights+Tracker published at the 'play' market has multiple vulnerabilities...

AbfallApp Myk - Exported ContentProvider, Unsafe deleting, WebView JavaScript enabled vulnerabilities

HackApp vulnerability scanner discovered that application AbfallApp Myk published at the 'play' market has multiple vulnerabilities...