Lucene search
K

5964 matches found

OPENSUSE Linux
OPENSUSE Linux
added 2017/12/25 3:7 a.m.85 views

Security update for Mozilla Thunderbird (important)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

1.9AI score0.02008EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2017/12/25 3:7 a.m.81 views

Security update for Mozilla Thunderbird (important)

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

1.9AI score0.02008EPSS
Exploits1References4
CNVD
CNVD
added 2017/12/25 12:0 a.m.2 views

ServersCheck Monitoring Software Cross-Site Scripting Vulnerability

ServersCheck Monitoring Software is a suite of browser-based network inspection tools from ServersCheck Belgium. The tool monitors, reports, and provides early warning of problems with system performance and reliability. A cross-site scripting vulnerability exists in ServersCheck Monitoring...

5.4CVSS6.4AI score0.00707EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2017/12/25 12:0 a.m.32 views

openSUSE: Security Advisory for Mozilla (openSUSE-SU-2017:3434-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS6.8AI score0.02008EPSS
Exploits1References2
OSV
OSV
added 2017/12/24 10:29 p.m.5 views

OPENSUSE-SU-2017:3433-1 Security update for Mozilla Thunderbird

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

8.8CVSS6.5AI score0.02008EPSS
Exploits1References9
OSV
OSV
added 2017/12/24 10:29 p.m.6 views

OPENSUSE-SU-2017:3434-1 Security update for Mozilla Thunderbird

This update for Mozilla Thunderbird to version 52.5.2 fixes the following vulnerabilities: - CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin bsc1074043 - CVE-2017-7847: Local path string can be leaked from RSS feed bsc1074044 - CVE-2017-7848: RSS Feed vulnerable to new line...

8.8CVSS6.5AI score0.02008EPSS
Exploits1References9
CNVD
CNVD
added 2017/12/22 12:0 a.m.2 views

Code-Crafters Ability Mail Server Cross-Site Scripting Vulnerability

Code-Crafters Ability Mail Server is a set of mail server software from Code-Crafters Software UK. The software provides SMTP, POP3, WebMail and other common functions, and supports remote management, virus protection, content filtering and so on. A cross-site scripting vulnerability exists in...

6.1CVSS6.6AI score0.01383EPSS
Exploits5References1
FreeBSD
FreeBSD
added 2017/12/22 12:0 a.m.58 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2017-7845: Buffer overflow when drawing and validating elements with ANGLE library using Direct 3D 9 CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin CVE-2017-7847: Local path string can be leaked from RSS feed CVE-2017-7848: RSS Feed vulnerable to...

9.3CVSS2.5AI score0.03215EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2017/12/21 12:0 a.m.7 views

The vulnerability of the Bookmarks component in Google Chrome allows a hacker to execute a JavaScript script on pages with the URL chrome://.

The vulnerability of the Bookmarks component in Google Chrome browser is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute a JavaScript script on the chrome:// page remotely, using a specially crafted tab...

6.1CVSS7.8AI score0.01064EPSS
Exploits0References7
CNVD
CNVD
added 2017/12/20 12:0 a.m.7 views

Vmware ESXi Host Client Cross-Site Scripting Vulnerability

VMware ESXi is a bare-metal virtualization hypervisor from VMware that is installed directly on a physical server and divides the physical server into multiple virtual machines. The program features less disk space, higher reliability and security. A cross-site scripting vulnerability exists in...

6.1CVSS6.3AI score0.0091EPSS
Exploits0References1
OSV
OSV
added 2017/11/17 2:29 a.m.18 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

6.1CVSS7AI score
Exploits0References1
Prion
Prion
added 2017/11/17 2:29 a.m.19 views

Cross site scripting

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

4.3CVSS6.4AI score0.01003EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2017/11/17 2:0 a.m.51 views

CVE-2017-1000193

October CMS build 412 is vulnerable to stored WCI a.k.a XSS in brand logo image name resulting in JavaScript code execution in the victim's browser...

6.5AI score0.01003EPSS
Exploits0References1
CNVD
CNVD
added 2017/11/17 12:0 a.m.4 views

October CMS Cross-Site Scripting Vulnerability (CNVD-2017-37277)

OctoberCMS is a CMS system based on Laravel PHP development framework. A cross-site scripting vulnerability exists in the brand logo image name in October CMS build 412. An attacker can exploit this vulnerability to execute JavaScript code in the victim's browser...

6.1CVSS6.5AI score0.01003EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2017/11/15 12:0 a.m.25 views

CVE-2017-7834

A "data:" URL loaded in a new tab did not inherit the Content Security Policy CSP of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potentia...

6.1CVSS7AI score0.01544EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/11/15 12:0 a.m.26 views

CVE-2017-7839

Control characters prepended before "javascript:" URLs pasted in the addressbar can cause the leading characters to be ignored and the pasted JavaScript to be executed instead of being blocked. This could be used in social engineering and self-cross-site-scripting self-XSS attacks where users are...

6.1CVSS6.8AI score0.01143EPSS
Exploits0References3
OSV
OSV
added 2017/10/27 1:29 p.m.4 views

CVE-2017-7733

A Cross-Site-Scripting XSS vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter...

6.1CVSS6.1AI score
Exploits0References3
OSV
OSV
added 2017/10/27 5:29 a.m.10 views

UBUNTU-CVE-2017-5085

Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark...

6.1CVSS6.9AI score0.01064EPSS
Exploits0References3
Prion
Prion
added 2017/10/26 5:29 p.m.14 views

Design/Logic Flaw

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

3.5CVSS5.6AI score0.00728EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2017/10/26 5:0 p.m.59 views

CVE-2017-15911

The CVE-2017-15911 entry concerns Ignite Realtime Openfire Server prior to 4.1.7, where the Admin Console is vulnerable to cross-site scripting (XSS) via a crafted setup/setup-host-settings.jsp?domain= link. This allows arbitrary client-side JavaScript execution on victims after login, with poten...

4.8CVSS5.6AI score0.00728EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder