407 matches found
SUSE CVE-2016-5191
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages, as demonstrated by an interpretation confli...
SUSE CVE-2016-5265
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS UXSS attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...
SUSE CVE-2017-5006
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
SUSE CVE-2017-5010
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
CVE-2021-37518
CVE-2021-37518 (Vimium Extension) : A Universal Cross Site Scripting (UXSS) flaw affects Vimium Extension versions 1.66 and earlier, permitting a remote attacker to run arbitrary code via the omnibar feature. The CVSSv3.1 base score is 6.1 (Medium) with Network attack vector, Low integrity/low co...
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug UXSS Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by...
Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam
Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensat...
Mageia: Security Advisory (MGASA-2014-0134)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs
A researcher has picked up a $100,500 bounty from Apple after discovering a rather nasty method of gaining control of other people’s Macs. The issue, discovered lurking in Safari by Ryan Pickren, could make use of rogue websites to perform a number of dubious actions. It begins, as so many attack...
Brave Software: Universal XSS with Playlist feature
A Universal XSS vulnerability was discovered in Brave iOS versions 1.32.3 and higher. The vulnerability was caused by three weaknesses, including the exposure of UserScriptManager.securityToken and UserScriptManager.messageHandlerToken, as well as a UXSS vulnerability in PlaylistHelper through...
Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
Microsoft patched two bugs in its Chromium-based Edge browser last week, one of which could be used by an attacker to bypass security and to remotely inject and execute arbitrary code on any website just by sending a message. That security-bypassing bug, CVE-2021-34506, is rated CVSS 5.4, or...
Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs
A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE project...
CVE-2021-29370
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website...
Cross site scripting
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website...
CVE-2021-29370
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website...
CVE-2021-29370
CVE-2021-29370 is a UXSS vulnerability in the Thanos-Soft Cheetah Browser (Android 1.2.0) caused by an inadequate filter of the intent scheme, enabling cross-site scripting on any website. Affected component: the browser’s handling of intents; root cause: insufficient input filtering. Documented ...
Input validation
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
CVE-2020-16030
CVE-2020-16030 affects the Blink component in Chromium/Google Chrome prior to 87.0.4280.66. The issue is insufficient data validation in Blink, enabling a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Publicly cited sources in the provided documents confirm C...
CVE-2020-16030
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
Android WebView Universal Cross-site Scripting
A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...