UBUNTU-CVE-2018-18245
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE...
Code injection
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE...
CVE-2018-18245
Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE...
CVE-2018-18245
CVE-2018-18245: Nagios Core 4.4.2 is vulnerable to cross-site scripting (XSS) in the alert summary reports of plugin results, demonstrated by a SCRIPT element delivered via a modified check_load plugin to NRPE. The issue stems from user-facing output in the alert summary report, enabling injec...
Design/Logic Flaw
panel/uploads/elfl1XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element...
Cross site scripting
Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages-manage under admin.php?action=files...
CVE-2018-16729
Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages-manage under admin.php?action=files...
CVE-2018-10799
A hang issue was discovered in Brave before 0.14.0 on, for example, Linux. This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element...
Design/Logic Flaw
A hang issue was discovered in Brave before 0.14.0 on, for example, Linux. This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element...
CVE-2018-10799
The affected software is Brave (pre-0.14.0, e.g., on Linux). The issue arises from mishandling a long URL formed via window.location+= '?\u202a\uFEFF\u202b'; in a SCRIPT element, causing a hang/denial of service. Connected sources (Red Hat advisory, NVD entries, CNVD, etc.) confirm the same descr...
Cross site scripting
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse...
CVE-2015-2870
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element...
Cross site scripting
Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element...
CVE-2015-2308
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...
CVE-2015-2308
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element...
chromium-browser: Cross-origin bypass in DOM.
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
UBUNTU-CVE-2015-1253
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask...
CVE-2015-1218
Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents,...
CVE-2015-1218
Removed by vendor...
Google Chrome Blink Memory Misreference Vulnerability (CNVD-2015-01511)
Google Chrome is a web browser developed by Google. In Google Chrome versions before 41.0.2272.76, the DOM implementation in Blink is affected in the 'HTMLScriptElement::' function of the core/html/HTMLScriptElement.cpp file and in the core/svg/SVGScriptElement.cpp file 'didMoveToNewDocument...