Lucene search
K

256 matches found

FreeBSD
FreeBSD
added 2018/09/05 12:0 a.m.510 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2017-16541: Proxy bypass using automount and autofs CVE-2018-12381: Dragging and dropping Outlook email...

9.8CVSS0.5AI score0.03662EPSS
Exploits6References2
Github Security Blog
Github Security Blog
added 2018/07/23 7:51 p.m.22 views

feedparser Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

4.3CVSS5.2AI score0.02326EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

CVE-2017-5450

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...

7.5CVSS5.6AI score0.01862EPSS
Exploits1References4
CVE
CVE
added 2018/06/11 9:0 p.m.77 views

CVE-2017-5450

CVE-2017-5450 describes a spoofing vulnerability in Firefox for Android where the address bar can be spoofed via a javascript: URI due to incorrect parsing of the base URL. Affected: Firefox for Android versions

7.5CVSS7.4AI score0.01862EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2018/06/11 9:0 p.m.24 views

CVE-2017-5450

A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...

7.6AI score0.01862EPSS
Exploits1References4
CNVD
CNVD
added 2018/01/03 12:0 a.m.6 views

Liferay Portal CE /html/portal/flash.jsp page cross-site scripting vulnerability

Liferay Portal CE is an open source enterprise networking platform. The platform is used to build company operations, business solutions. A cross-site scripting vulnerability exists in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and earlier versions. A remote attacker can exploit...

6.1CVSS5.9AI score0.01009EPSS
Exploits0References1
Prion
Prion
added 2018/01/02 11:29 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

4.3CVSS6AI score0.01009EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2018/01/02 11:29 p.m.17 views

CVE-2017-1000425

Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

6.1CVSS6.2AI score
Exploits0References2
Cvelist
Cvelist
added 2018/01/02 11:0 p.m.19 views

CVE-2017-1000425

Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...

6AI score0.01009EPSS
Exploits0References2
CVE
CVE
added 2018/01/02 11:0 p.m.66 views

CVE-2017-1000425

CVE-2017-1000425 is a cross-site scripting vulnerability in Liferay Portal CE 7.0 GA4 and older, exploitable via a javascript: URI in the movie parameter of /html/portal/flash.jsp. Affected component: flash.jsp in the portal; root cause: insufficient input sanitization of the movie parameter lead...

6.1CVSS6AI score0.01009EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2017/10/24 6:33 p.m.27 views

GHSA-R23G-3QW4-GFH2 RedCloth Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...

4.3CVSS7.6AI score0.02253EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.24 views

RedCloth Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...

4.3CVSS8AI score0.02253EPSS
Exploits1References8Affected Software1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.32 views

Moderate severity vulnerability that affects validator

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...

6.1CVSS4.9AI score0.02048EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2017/01/23 9:59 p.m.18 views

Cross site scripting

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...

4.3CVSS6AI score0.02048EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/01/23 9:59 p.m.26 views

CVE-2013-7452

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...

6.1CVSS6AI score0.02048EPSS
Exploits0References2
OSV
OSV
added 2017/01/23 9:59 p.m.4 views

UBUNTU-CVE-2013-7452

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...

6.1CVSS6.7AI score0.02048EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/01/23 9:0 p.m.35 views

CVE-2013-7452

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...

6AI score0.02048EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/01/23 9:0 p.m.22 views

CVE-2013-7452

Removed by vendor...

6.1CVSS6.6AI score0.02048EPSS
Exploits0
Packet Storm
Packet Storm
added 2016/09/09 12:0 a.m.22 views

Airmail 3.0.2 Cross Site Scripting

Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, [email protected] Date: 2016-08-15 Version: 3.0.2 and earlier Platform: OS X and iOS Site: http://airmailapp.com/...

Exploits0
0day.today
0day.today
added 2016/09/09 12:0 a.m.21 views

Airmail 3.0.2 - Cross-Site Scripting

Exploit for macOS platform in category web applications Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, email protected Date: 2016-08-15 Version: 3.0.2 and earlier...

7AI score
Exploits0
Rows per page
Query Builder