5964 matches found

NVD
added 2018/06/26 4:29 p.m., 29 views

CVE-2018-1000516

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in many templates used in the Galaxy server that did not properly sanitize user input, which would allow for cross-site scripting (XSS) attacks. In this form of attack,...

CVSS 6.1, AI score 6.4, EPSS 0.01042
Exploits: 0, References: 1
OSV
added 2018/06/26 4:29 p.m., 4 views

CVE-2018-1000513

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins. This vulnerability appears to have been fixed in 3.6.x...

CVSS 4.8, AI score 6.2, EPSS 0.0071
Exploits: 1, References: 1
PyPA
added 2018/06/26 4:29 p.m., 7 views

PYSEC-2018-149

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in many templates used in the Galaxy server that did not properly sanitize user input, which would allow for cross-site scripting (XSS) attacks. In this form of attack,...

CVSS 6.1, AI score 6.6, EPSS 0.01042
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2018/06/26 4:29 p.m., 18 views

Cross site scripting

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in many templates used in the Galaxy server that did not properly sanitize user input, which would allow for cross-site scripting (XSS) attacks. In this form of attack,...

CVSS 4.3, AI score 6.3, EPSS 0.01042
Exploits: 0, References: 1, Affected Software: 1
CNVD
added 2018/06/13 12:00 a.m., 5 views

crud-file-server node module cross-site scripting vulnerability

The crud-file-server node module is a file server that supports create, read, update and delete functions. A cross-site scripting vulnerability exists in crud-file-server node module versions prior to 0.8.0, which stems from the program's lack of file name validation. A remote attacker can exploi...

CVSS 6.1, AI score 6.5, EPSS 0.01046
Exploits: 1, References: 1
NVD
added 2018/06/11 9:29 p.m., 19 views

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when the RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVSS 8.8, AI score 8.5, EPSS 0.02008
Exploits: 0, References: 7
OSV
added 2018/06/11 9:29 p.m., 7 views

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when the RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVSS 8.8, AI score 8.4
Exploits: 0, References: 7
OSV
added 2018/06/11 9:29 p.m., 3 views

CVE-2017-7834

A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions, when "data:" documents also inherited the context of the original page, this would allow for potentia...

CVSS 6.1, AI score 7.3, EPSS 0.01544
Exploits: 0, References: 4
NVD
added 2018/06/11 9:29 p.m., 17 views

CVE-2016-9901

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...

CVSS 9.8, AI score 9, EPSS 0.02916
Exploits: 0, References: 8
OSV
added 2018/06/11 9:29 p.m., 1 view

DEBIAN-CVE-2016-9901

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...

CVSS 9.8, AI score 8.6, EPSS 0.02916
Exploits: 0, References: 1
OSV
added 2018/06/11 9:29 p.m., 9 views

CVE-2016-9901

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...

CVSS 9.8, AI score 9
Exploits: 0, References: 8
Prion
added 2018/06/11 9:29 p.m., 40 views

Cross site scripting

Control characters prepended before "javascript:" URLs pasted in the address bar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are...

CVSS 4.3, AI score 6.8, EPSS 0.01143
Exploits: 0, References: 4, Affected Software: 1
Prion
added 2018/06/11 9:29 p.m., 22 views

Format string

It is possible to execute JavaScript in the parsed RSS feed when the RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVSS 6.8, AI score 8.2, EPSS 0.02008
Exploits: 0, References: 7, Affected Software: 7
Cvelist
added 2018/06/11 9:00 p.m., 22 views

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when the RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

AI score 8.4, EPSS 0.02008
Exploits: 0, References: 7
CVE
added 2018/06/11 9:00 p.m., 177 views

CVE-2016-9901

CVE-2016-9901 affects Mozilla Firefox and Firefox ESR. Un-sanitized HTML from the Pocket server could execute JavaScript in the unprivileged about:pocket-saved context, gaining access to Pocket’s messaging API via HTML injection. Impact stated as high/critical by CVSS. Remediation: update to Fire...

CVSS 9.8, AI score 8.8, EPSS 0.02916
Exploits: 0, References: 8, Affected Software: 5
CVE
added 2018/06/11 9:00 p.m., 116 views

CVE-2017-7846

CVE-2017-7846 affects Mozilla Thunderbird. The issue arises in parsing RSS feeds when viewed via website or default feed format, allowing JavaScript execution from the parsed feed (feed origin mailbox://). Published mitigations indicate Thunderbird versions up to 52.5.2 are affected, with fixes i...

CVSS 8.8, AI score 8.2, EPSS 0.02008
Exploits: 0, References: 7, Affected Software: 5
Debian CVE
added 2018/06/11 9:00 p.m., 25 views

CVE-2017-7846

It is possible to execute JavaScript in the parsed RSS feed when the RSS feed is viewed as a website, e.g. via "View - Feed article - Website" or in the standard format of "View - Feed article - default format". This vulnerability affects Thunderbird 52.5.2...

CVSS 8.8, AI score 8.7, EPSS 0.02008
Exploits: 0
Cvelist
added 2018/06/11 9:00 p.m., 28 views

CVE-2016-9901

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...

AI score 9, EPSS 0.02916
Exploits: 0, References: 8
Debian CVE
added 2018/06/11 9:00 p.m., 25 views

CVE-2017-7839

Control characters prepended before "javascript:" URLs pasted in the address bar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting (self-XSS) attacks where users are...

CVSS 6.1, AI score 8, EPSS 0.01143
Exploits: 0
The Hacker Blog
added 2018/06/08 2:24 a.m., 18 views

Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper

Summary: The "Steam Inventory Helper" Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting (XSS) and a clickjacking vulnerability. By combining these vulnerabilities it is possible to gain JavaScript code execution in the highly-privileged context of the extension's...

AI score 6.1
Exploits: 0