256 matches found
PT-2024-21331 · Mozilla · Firefox
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 123 Description: An attacker could execute unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Recommendations: For Firefox for iOS...
Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...
CVE-2024-0606
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...
CVE-2024-0606
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...
CVE-2024-0605
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...
CVE-2024-0606
CVE-2024-0606 affects Mozilla Focus for iOS before version 122. The issue is a UXSS vulnerability where an attacker can execute unauthorized scripts on a legitimate site by opening a javascript: URI via window.open(), leading to unauthorized actions within the user’s loaded webpage. Connected sou...
CVE-2024-0606
An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...
CVE-2024-0605
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...
Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla
Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. An attacker could execut...
CVE-2024-21637 XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode
Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with responsemode=formpost. This relatively user could use the described attacks to perform a privilege escalation. This...
Default credentials
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...
CVE-2023-30959 Stored XSS via javascript URI in Apollo Change Requests comment
In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...
PT-2023-23087 · Apollo · Apollo
Name of the Vulnerable Software and Affected Versions: Apollo affected versions not specified Description: The issue allows comments added by users in Apollo change requests to contain a javascript URI link. When rendered, this link can result in a cross-site scripting XSS attack that requires us...
SUSE CVE-2007-0780
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting XSS attacks by opening a blocked popup originating from a javascript: URI in...
SUSE CVE-2009-1310
Cross-site scripting XSS vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element...
SUSE CVE-2009-1597
Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as...
SUSE CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...
SUSE CVE-2010-4567
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a 1 javascript: or 2 data: URI, which allows remote attackers to conduct cross-site scripting XSS attacks via the URL aka bugfileloc field...
SUSE CVE-2011-1158
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...
SUSE CVE-2012-6684
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...