256 matches found
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12377: Use-after-free in refresh driver timers CVE-2018-12378: Use-after-free in IndexedDB CVE-2018-12379: Out-of-bounds write with malicious MAR file CVE-2017-16541: Proxy bypass using automount and autofs CVE-2018-12381: Dragging and dropping Outlook email...
feedparser Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...
CVE-2017-5450
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...
CVE-2017-5450
CVE-2017-5450 describes a spoofing vulnerability in Firefox for Android where the address bar can be spoofed via a javascript: URI due to incorrect parsing of the base URL. Affected: Firefox for Android versions
CVE-2017-5450
A mechanism to spoof the Firefox for Android addressbar using a "javascript:" URI. On Firefox for Android, the base domain is parsed incorrectly, making the resulting location less visibly a spoofed site and showing an incorrect domain in appended notifications. This vulnerability affects Firefox...
Liferay Portal CE /html/portal/flash.jsp page cross-site scripting vulnerability
Liferay Portal CE is an open source enterprise networking platform. The platform is used to build company operations, business solutions. A cross-site scripting vulnerability exists in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and earlier versions. A remote attacker can exploit...
Cross site scripting
Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...
CVE-2017-1000425
Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...
CVE-2017-1000425
Cross-site scripting XSS vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter...
CVE-2017-1000425
CVE-2017-1000425 is a cross-site scripting vulnerability in Liferay Portal CE 7.0 GA4 and older, exploitable via a javascript: URI in the movie parameter of /html/portal/flash.jsp. Affected component: flash.jsp in the portal; root cause: insufficient input sanitization of the movie parameter lead...
GHSA-R23G-3QW4-GFH2 RedCloth Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
RedCloth Cross-site Scripting vulnerability
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
Moderate severity vulnerability that affects validator
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
Cross site scripting
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
CVE-2013-7452
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
UBUNTU-CVE-2013-7452
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
CVE-2013-7452
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
CVE-2013-7452
Removed by vendor...
Airmail 3.0.2 Cross Site Scripting
Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, [email protected] Date: 2016-08-15 Version: 3.0.2 and earlier Platform: OS X and iOS Site: http://airmailapp.com/...
Airmail 3.0.2 - Cross-Site Scripting
Exploit for macOS platform in category web applications Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, email protected Date: 2016-08-15 Version: 3.0.2 and earlier...