ClassLink OneClick Browser Extension / Agent Universal XSS / Remote Code Execution

The ClassLink OneClick Browser Extension and the ClassLink Agent are vulnerable to Universal XSS and Remote Code Execution. Vendor has released software updates to fix both vulnerabilities on 3 June 2018. === Vendor === ClassLink: https://www.classlink.com === Vulnerability 1: Universal XSS throu...

VPNFilter Malware Impact Larger Than Previously Thought

Researchers say the impact of the VPNFilter malware discovered last month is larger than originally reported. On Wednesday, Cisco Talos researchers said they now believe the malware has infected twice the number of router brands than previously stated. They added that VPNFilter also delivers a mo...

Destructive and MiTM Capabilities of VPNFilter Malware Revealed

It turns out that the threat of the massive VPNFilter botnet malware that was discovered late last month is beyond what we initially thought. Security researchers from Cisco's Talos cyber intelligence have today uncovered more details about VPNFilter malware, an advanced piece of IoT botnet malwa...

VPNFilter Update - VPNFilter exploits endpoints, targets new devices

Introduction Cisco Talos, while working with our various intelligence partners, has discovered additional details regarding "VPNFilter." In the days since we first published our findings on the campaign, we have seen that VPNFilter is targeting more makes/models of devices than initially thought,...

Security fix for the ALT Linux 10 package firefox-esr version 60.0.1-alt1

June 5, 2018 Andrey Cherepanov 60.0.1-alt1 - New ESR version 60.0.1. - Fixed: + CVE-2018-5154: Use-after-free with SVG animations and clip paths + CVE-2018-5155: Use-after-free with SVG animations and text paths + CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files +...

CVE-2018-11486

An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting XSS vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CS...

Design/Logic Flaw

Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content...

CVE-2014-10065

Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content...

CVE-2016-10531

CVE-2016-10531 affects the marked library (0.3.5 and earlier). The issue arises when parsing HTML entities: &#xNN... leaves trailing text, allowing bypass of sanitize: true and injection of a javascript: URL. This enables cross-site scripting via markdown-rendered links. Affected: marked where li...

Cross-site Scripting (XSS)

bootstrap is vulnerable to Cross-site Scripting XSS. The library does not properly sanitize the parent variable in collapse.js, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-site Scripting (XSS)

sinatra is vulnerable to cross-site scripting XSS attacks. The library fails to properly escape the e.message variable in a bad request page, allowing a malicious user to inject and execute arbitrary Javascript...

MISP cross-site scripting vulnerability (CNVD-2018-10868)

MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Elements/eventattribute.ctp file in MISP version...

EulerOS 2.0 SP1 : firefox (EulerOS-SA-2018-1125)

According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Use-after-free in compositor potentially allows code execution CVE-2018-5148 - Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8...

Stored Cross-Site Scripting Vulnerability in Safetrans SaaS System

The SaaS system is an informatization system developed by Xiaobei Technology for medium and large-scale sports events and outdoor activities, providing one-stop informatization solutions for organizers in the areas of event release, registration and collection, membership marketing, photo sharing...

WordPress Loginizer Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WordPress Loginizer plugin is one of the access control plugin. A cross-site scripting vulnerability exists in the...

CentOS Update for firefox CESA-2018:1414 centos6

Check the version of firefox SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882879";...

marte.sid.inpe.br XSS vulnerability

Open Bug Bounty ID: OBB-618194 Description| Value ---|--- Affected Website:| marte.sid.inpe.br Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20180515)

This update upgrades Firefox to version 52.8.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Backport critical security fixes in Skia CVE-2018-5183 - Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154 -...

Scientific Linux Security Update : firefox on SL7.x x86_64 (20180515)

This update upgrades Firefox to version 52.8.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 CVE-2018-5150 - Mozilla: Backport critical security fixes in Skia CVE-2018-5183 - Mozilla: Use-after-free with SVG animations and clip paths CVE-2018-5154 -...

Mozilla: Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...