Lucene search
K

32 matches found

RedHat Linux
RedHat Linux
added 2021/11/10 10:37 a.m.2 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

10CVSS7.3AI score0.0383EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/04 4:59 p.m.1 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

10CVSS7.3AI score0.0383EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/03 7:52 p.m.2 views

Mozilla: iframe sandbox rules did not apply to XSLT stylesheets

The Mozilla Foundation Security Advisory describes this flaw as: The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame...

10CVSS7.3AI score0.0383EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2021/08/06 12:0 a.m.7 views

The vulnerability of the XSLT (Extensible Stylesheet Language Transformations) implementation of Google Chrome’s Blink rendering module allows a attacker to trigger a service failure.

The vulnerability of the XSLT technology implementation in Google Chrome’s Blink rendering module is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...

10CVSS6.8AI score0.21623EPSS
Exploits0References10Affected Software4
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

DEBIAN-CVE-2017-5440

A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1,...

9.8CVSS9.2AI score0.03036EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2016/05/11 12:0 a.m.9 views

The vulnerability of the XSLTResult class implementation in the Apache Struts software platform allows attackers to execute arbitrary code.

The vulnerability of the XSLTResult class implementation in the Apache Struts software framework is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using the stylesheetLocation parameter...

10CVSS8.2AI score0.20167EPSS
Exploits0References5Affected Software2
BDU FSTEC
BDU FSTEC
added 2016/03/02 12:0 a.m.7 views

The vulnerability of the Microsoft .NET Framework software platform, which allows a perpetrator to trigger a service failure

The vulnerability of the Microsoft .NET Framework exists due to the lack of restrictions on recursive compilation of XSLT transformations. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause performance degradation by using specially crafted XSLT data...

5CVSS7.2AI score0.18072EPSS
Exploits0References2
CNVD
CNVD
added 2016/02/11 12:0 a.m.4 views

Microsoft .NET Framework Denial of Service Vulnerability

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

7.5CVSS6.8AI score0.18072EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.3 views

Tomcat/JBossWeb: XML parser hijack by malicious web application

It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors TLDs, and tag plug-in configuration files. The injected XML...

4.3CVSS6.6AI score0.07616EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/07/03 5:0 p.m.3 views

Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs

It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities XXEs in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive informati...

4.3CVSS6.5AI score0.06905EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/06/30 8:51 p.m.8 views

Xalan-Java: insufficient constraints in secure processing feature

It was found that the secure processing feature of Xalan-Java had insufficient restrictions defined for certain properties and features. A remote attacker able to provide Extensible Stylesheet Language Transformations XSLT content to be processed by an application using Xalan-Java could use this...

7.5CVSS7.8AI score0.13809EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2008/09/24 1:42 a.m.6 views

Mozilla privilege escalation via XPCnativeWrapper pollution

Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to 1 the document.loadBindingDocument...

7.5CVSS6.2AI score0.04802EPSS
Exploits1References4
Rows per page
Query Builder