Lucene search
K

106 matches found

ATTACKERKB
ATTACKERKB
added 2012/08/12 9:55 p.m.4 views

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

4.3CVSS5.2AI score0.01319EPSS
Exploits1References2
Cvelist
Cvelist
added 2012/08/12 9:0 p.m.25 views

CVE-2012-2587

Multiple cross-site scripting XSS vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of 1 an IFRAME element or 2 a SCRIPT element...

5.7AI score0.01319EPSS
Exploits2References1
NVD
NVD
added 2011/01/03 8:0 p.m.20 views

CVE-2010-4524

Cross-site scripting XSS vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...

4.3CVSS5.5AI score0.027EPSS
Exploits1References13
Prion
Prion
added 2011/01/03 8:0 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...

4.3CVSS6AI score0.027EPSS
Exploits1References13Affected Software1
Debian CVE
Debian CVE
added 2010/07/02 7:0 p.m.24 views

CVE-2009-4924

Removed by vendor...

4.3CVSS6.7AI score0.01343EPSS
Exploits0
Prion
Prion
added 2008/09/24 8:37 p.m.17 views

Code injection

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS7.4AI score0.04996EPSS
Exploits1References44Affected Software1
Cvelist
Cvelist
added 2008/09/24 6:0 p.m.26 views

CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

9.6AI score0.04996EPSS
Exploits1References44
CVE
CVE
added 2008/09/24 6:0 p.m.290 views

CVE-2008-4059

CVE-2008-4059 affects the XPConnect component in Mozilla Firefox prior to 2.0.0.17, allowing a remote attacker to pollute XPCNativeWrappers and execute arbitrary code with chrome privileges via SCRIPT element vectors. The Ubuntu USN-645-2 advisory documents this CVE among Firefox/XULRunner-relate...

7.5CVSS9.6AI score0.04996EPSS
Exploits1References44Affected Software1
RedHat Linux
RedHat Linux
added 2008/09/24 2:4 a.m.5 views

Mozilla privilege escalation via XPCnativeWrapper pollution

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS6.2AI score0.04996EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2008/09/24 12:0 a.m.44 views

CVE-2008-4059

The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element...

7.5CVSS6.1AI score0.04996EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2008/07/07 12:0 a.m.27 views

CVE-2008-2800

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...

4.3CVSS5.8AI score0.02009EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2008/07/02 12:37 p.m.4 views

Firefox XSS attacks

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting XSS attacks via vectors involving 1 an event handler attached to an outer window, 2 a SCRIPT element in an unloaded document, or 3 the...

4.3CVSS5.6AI score0.02009EPSS
Exploits1References4
Cvelist
Cvelist
added 2007/11/05 7:0 p.m.21 views

CVE-2007-5834

Cross-site scripting XSS vulnerability in BosDev BosNews 4 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in a news post...

5.6AI score0.01022EPSS
Exploits0References3
Prion
Prion
added 2007/07/17 10:30 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the...

2.6CVSS6AI score0.0152EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2007/04/30 11:19 p.m.18 views

Design/Logic Flaw

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

5CVSS7AI score0.01557EPSS
Exploits0References2
NVD
NVD
added 2007/04/30 11:19 p.m.25 views

CVE-2007-2382

The Moo.fx framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

5CVSS6.5AI score0.01557EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2007/04/30 11:19 p.m.29 views

CVE-2007-2384

The Script.aculo.us framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using...

7.8CVSS5.9AI score0.01341EPSS
Exploits0References2
NVD
NVD
added 2007/04/30 11:19 p.m.25 views

CVE-2007-2381

The MochiKit framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...

5CVSS6.5AI score0.01631EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2007/04/30 11:19 p.m.22 views

CVE-2007-2383

The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

5CVSS6AI score0.02374EPSS
Exploits0References2
OSV
OSV
added 2007/04/30 11:19 p.m.2 views

DEBIAN-CVE-2007-2383

The Prototype prototypejs framework before 1.5.1 RC3 exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

5CVSS6.5AI score0.02374EPSS
Exploits0References1
Rows per page
Query Builder