[SECURITY] [DSA 4681-1] webkit2gtk security update
Debian Security Advisory DSA-4681-1, https://www.debian.org/security/, Alberto Garcia, May 07, 2020, https://www.debian.org/security/faq ...
Cross-site Scripting (XSS)
setroubleshoot is vulnerable to cross-site scripting (XSS). A flaw was found in the way sealert displayed records from the setroubleshoot database as unescaped HTML. A local unprivileged attacker could cause AVC denial events with carefully crafted process or file names...
CVE-2020-3902
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site...
Cross site scripting
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site...
KLA11705 Multiple vulnerabilities in Apple iCloud
Multiple vulnerabilities were found in Apple iCloud. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, perform cross-site scripting attacks, and obtain sensitive information. Below is a complete list of vulnerabilities: ...
Spoofing Vulnerability
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2012-1948,...
Microsoft Office Elevation of Privilege Vulnerability (CNVD-2018-12577)
Microsoft Office Online Server 2016 and Office Web Apps Server 2013 SP1 are both products of Microsoft Corporation USA. Microsoft Office Online Server 2016 is a Web-based office software suite. Office Web Apps Server 2013 SP1 is an Office Server product that provides browser-based file viewing and...
Microsoft SharePoint Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...
CVE-2017-7823
The content security policy (CSP) "sandbox" directive did not create a unique origin for the document, causing it to behave as if the "allow-same-origin" keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content. This vulnerability affects...
CVE-2017-5466
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...
Microsoft Exchange Server Spoofing Vulnerability
Microsoft Exchange Server is a set of e-mail service programs from Microsoft, which provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A spoofing vulnerability exists in Microsoft Exchange Server 2016 Cumulative Update 8 and 9, which stems from Outlook Web...
Cross-site Scripting (XSS)
simplehttpserver is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of file names when displaying the affected file names...
YXCMS has multiple vulnerabilities
Yxcms is an enterprise building system based on PHP and MySQL technology. Yxcms version 1.4.6 contains stored XSS, arbitrary file deletion, file write, and SQL injection vulnerabilities; attackers can exploit them to obtain control of the web server...
kazimoglu.com.tr XSS vulnerability
Open Bug Bounty ID: OBB-555176

Description| Value
---|---
Affected Website:| kazimoglu.com.tr
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
Cisco Access Control System Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system...
Cross-Site Scripting in PAN-OS
A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters. (Ref PAN-77294 / CVE-2017-9467) Successful exploitation of this issue may allow an attacker to inject arbitrar...
Ubuntu 14.04 LTS : Django vulnerabilities (USN-2915-1)
The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-2915-1 advisory. Mark Striemer discovered that Django incorrectly handled user-supplied redirect URLs containing basic authentication credentials. A remote attacker could...
Content Injection via TileJSON Name
Overview: Versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 of mapbox.js are vulnerable to a cross-site scripting attack in certain uncommon usage scenarios. If L.mapbox.map or L.mapbox.shareControl are used in a manner that gives users control of the TileJSON content, it is possible to inject...
FreeBSD : wordpress -- 2 XSS vulnerabilities (d86890da-f498-11e4-99aa-bcaec565249c)
Samuel Sidler reports: The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site scripting attack. All affected themes and plugins hosted on WordPress.org including the Twenty Fifteen default theme have been updat...