mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages

A flaw was found in the way the modcluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the modcluster manager web interface...

mod_cluster: JavaScript code injection is possible via MCMP mod_manager messages

A flaw was found in the way the modcluster manager processed certain MCMP messages. An attacker with access to the network from which MCMP messages are allowed to be sent could use this flaw to execute arbitrary JavaScript code in the modcluster manager web interface...

Mozilla Firefox/SeaMonkey Same Origin Policy Bypass Elevation of Privilege Vulnerability

Mozilla Firefox/SeaMonkey is a WEB browser/newsgroup client released by Mozilla. A same-origin policy bypass vulnerability exists in Mozilla Firefox/SeaMonkey, which can be exploited to bypass the same-origin policy via anchor navigation and execute arbitrary javascript code with elevated...

Mozilla Firefox ESR Multiple Vulnerabilities-01 (Apr 2015) - Windows

Mozilla Firefox ESR is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefoxesr";...

UBUNTU-CVE-2015-0816

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as...

UBUNTU-CVE-2015-0801

Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...

Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting

Palo Alto Traps Server 3.1.2.1546 - Persistent Cross-Site Scripting !/usr/bin/ruby =begin ------------------------------------------------------------------------ Product: Palo Alto Traps Server formerly Cyvera Endpoint Protection Vendor: Palo Alto Networks Vulnerable Versions: 3.1.2.1546 Tested...

MGASA-2015-0118 Updated dokuwiki package fixes security vulnerability

DokuWiki before 20140929d is vulnerable to a cross-site scripting XSS issue in the user manager. The user's details were not properly escaped in the user manager's edit form. This allows a registered user to edit her own name using the change profile option to include malicious JavaScript code. T...

Mozilla: Privilege escalation through SVG navigation (MFSA 2015-28)

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

Mozilla Firefox/Firefox ESR/SeaMonkey Arbitrary Code Execution Vulnerability

Mozilla Firefox, Firefox ESR and SeaMonkey are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.SeaMonkey is a free, open source, and cross-platform web suite. A security vulnerability in the asm.js implementation...

Microsoft Exchange Server CVE-2015-1630 Cross Site Scripting Vulnerability

Description Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...

Microsoft Exchange Server CVE-2015-1629 Cross Site Scripting Vulnerability

Description Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...

Mao10CMS v3.1.0存储型xss

简要描述： rt 详细说明： 在发布文章处，插入xss代码 然后查看文章，直接执行了插入的js代码 在测试demo的时候被阿里云的防护拦截了 漏洞证明：...

Fedora 20 : kwebkitpart-1.3.4-5.fc20 (2014-15130)

Sanitize input to disallow JavaScript being executed in the context of the referenced hostname. See also https://www.kde.org/info/security/advisory-20141113-1.txt Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable h...

Ubuntu 12.04 LTS : kde-runtime vulnerability (USN-2414-1)

Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

MGASA-2014-0478 Updated kdebase4-runtime and kwebkitpart packages fix security vulnerability

kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname CVE-2014-8600...

Updated kdebase4-runtime and kwebkitpart packages fix security vulnerability

kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname CVE-2014-8600...

Direct Web Remoting (DWR) vulnerable to cross-site scripting

Overview Direct Web Remoting DWR is a Java framework for developing Ajax into web applications. DWR contains a cross-site scripting vulnerability CWE-79. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

kwebkitpart, kde-runtime -- insufficient input validation

Albert Aastals Cid reports: kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname. Whilst in most cases, the JavaScript will be executed in an untrusted context, with the bookmarks IO slav...

New POODLE SSL 3.0 Attack Exploits Protocol Fallback Issue

A new attack on the SSLv3 protocol, disclosed Tuesday, takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of a victim. The attack is considered easier to exploit than similar previous attacks against SSL/TLS, such as BEAST and...