Lucene search
K

256 matches found

Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.7 views

PT-2024-21331 · Mozilla · Firefox

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 123 Description: An attacker could execute unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. Recommendations: For Firefox for iOS...

7.8CVSS6.7AI score0.00278EPSS
Exploits0References4
Mozilla
Mozilla
added 2024/02/19 12:0 a.m.22 views

Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla

An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition...

8.1CVSS7AI score0.00387EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/01/22 7:15 p.m.17 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6.1CVSS5.9AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2024/01/22 7:15 p.m.9 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6.1CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2024/01/22 7:15 p.m.9 views

CVE-2024-0605

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...

7.5CVSS7.4AI score
Exploits0References2
CVE
CVE
added 2024/01/22 6:23 p.m.57 views

CVE-2024-0606

CVE-2024-0606 affects Mozilla Focus for iOS before version 122. The issue is a UXSS vulnerability where an attacker can execute unauthorized scripts on a legitimate site by opening a javascript: URI via window.open(), leading to unauthorized actions within the user’s loaded webpage. Connected sou...

6.1CVSS6.1AI score0.00283EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/01/22 6:23 p.m.20 views

CVE-2024-0606

An attacker could execute unauthorized script on a legitimate site through UXSS using window.open by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS 122...

6.3AI score0.00283EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/01/22 6:23 p.m.3 views

CVE-2024-0605

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affec...

7.5AI score0.00387EPSS
Exploits0References2
Mozilla
Mozilla
added 2024/01/22 12:0 a.m.34 views

Security Vulnerabilities fixed in Focus for iOS 122 — Mozilla

Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. An attacker could execut...

7.5CVSS7.7AI score0.00387EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/11 5:49 a.m.3 views

CVE-2024-21637 XSS in Authentik via JavaScript-URI as Redirect URI and form_post Response Mode

Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with responsemode=formpost. This relatively user could use the described attacks to perform a privilege escalation. This...

7.6CVSS6.5AI score0.00547EPSS
Exploits0References3
Prion
Prion
added 2023/09/27 3:18 p.m.26 views

Default credentials

In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...

4.9CVSS5.2AI score0.00306EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/26 5:56 p.m.30 views

CVE-2023-30959 Stored XSS via javascript URI in Apollo Change Requests comment

In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction...

4.1CVSS5.4AI score0.00306EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/09/26 12:0 a.m.4 views

PT-2023-23087 · Apollo · Apollo

Name of the Vulnerable Software and Affected Versions: Apollo affected versions not specified Description: The issue allows comments added by users in Apollo change requests to contain a javascript URI link. When rendered, this link can result in a cross-site scripting XSS attack that requires us...

5.4CVSS5.2AI score0.00306EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.6 views

SUSE CVE-2007-0780

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting XSS attacks by opening a blocked popup originating from a javascript: URI in...

6.8CVSS8.1AI score0.02494EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.3 views

SUSE CVE-2009-1310

Cross-site scripting XSS vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element...

4.3CVSS7.4AI score0.0151EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.6 views

SUSE CVE-2009-1597

Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as...

9.3CVSS6.7AI score0.01736EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.5 views

SUSE CVE-2010-1585

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...

9.3CVSS7.2AI score0.04471EPSS
Exploits2References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.3 views

SUSE CVE-2010-4567

Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a 1 javascript: or 2 data: URI, which allows remote attackers to conduct cross-site scripting XSS attacks via the URL aka bugfileloc field...

4.3CVSS5.9AI score0.01785EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1158

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

4.3CVSS6AI score0.02326EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.3 views

SUSE CVE-2012-6684

Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...

4.3CVSS7.8AI score0.02253EPSS
Exploits1References3
Rows per page
Query Builder