Lucene search
K

407 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.2 views

SUSE CVE-2016-5191

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages, as demonstrated by an interpretation confli...

6.1CVSS8.8AI score0.01765EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.5 views

SUSE CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS UXSS attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same loca...

5.5CVSS5.9AI score0.01247EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:51 a.m.1 views

SUSE CVE-2017-5006

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS8.6AI score0.01231EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:51 a.m.4 views

SUSE CVE-2017-5010

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.1CVSS8.6AI score0.01198EPSS
Exploits1References5
CVE
CVE
added 2023/02/03 12:0 a.m.59 views

CVE-2021-37518

CVE-2021-37518 (Vimium Extension) : A Universal Cross Site Scripting (UXSS) flaw affects Vimium Extension versions 1.66 and earlier, permitting a remote attacker to run arbitrary code via the omnibar feature. The CVSSv3.1 base score is 6.1 (Medium) with Network attack vector, Low integrity/low co...

6.1CVSS6.3AI score0.00682EPSS
Exploits1References2Affected Software1
ThreatPost
ThreatPost
added 2022/01/31 6:18 p.m.43 views

Apple Pays $100.5K Bug Bounty for Mac Webcam Hack

A researcher who showed Apple how its webcams can be hijacked via a universal cross-site scripting bug UXSS Safari bug has been awarded what is reportedly a record $100,500 bug bounty. The bug could be used by an adversary as part of an attack to gain full access to every website ever visited by...

8.6CVSS7.5AI score0.01801EPSS
Exploits0References18
The Hacker News
The Hacker News
added 2022/01/31 6:7 a.m.34 views

Apple Pays $100,500 Bounty to Hacker Who Found Way to Hack MacBook Webcam

Apple last year fixed a new set of macOS vulnerabilities that exposed Safari browser to attack, potentially allowing malicious actors to access users' online accounts, microphone, and webcam. Security researcher Ryan Pickren, who discovered and reported the bugs to the iPhone maker, was compensat...

8.6CVSS0.2AI score0.01801EPSS
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.22 views

Mageia: Security Advisory (MGASA-2014-0134)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.8AI score0.04822EPSS
Exploits3References5
Malwarebytes
Malwarebytes
added 2022/01/27 11:43 a.m.19 views

Apple fixes Mac bug that could have allowed takeover of webcams and browser tabs

A researcher has picked up a $100,500 bounty from Apple after discovering a rather nasty method of gaining control of other people’s Macs. The issue, discovered lurking in Safari by Ryan Pickren, could make use of rogue websites to perform a number of dubious actions. It begins, as so many attack...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2021/12/27 10:44 a.m.15 views

Brave Software: Universal XSS with Playlist feature

A Universal XSS vulnerability was discovered in Brave iOS versions 1.32.3 and higher. The vulnerability was caused by three weaknesses, including the exposure of UserScriptManager.securityToken and UserScriptManager.messageHandlerToken, as well as a UXSS vulnerability in PlaylistHelper through...

6.4AI score
Exploits0
ThreatPost
ThreatPost
added 2021/06/29 4:34 p.m.91 views

Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks

Microsoft patched two bugs in its Chromium-based Edge browser last week, one of which could be used by an attacker to bypass security and to remotely inject and execute arbitrary code on any website just by sending a message. That security-bypassing bug, CVE-2021-34506, is rated CVSS 5.4, or...

6.1CVSS6.7AI score0.02068EPSS
Exploits0References11
The Hacker News
The Hacker News
added 2021/04/19 10:21 a.m.79 views

Malware That Spreads Via Xcode Projects Now Targeting Apple's M1-based Macs

A Mac malware campaign targeting Xcode developers has been retooled to add support for Apple's new M1 chips and expand its features to steal confidential information from cryptocurrency apps. XCSSET came into the spotlight in August 2020 after it was found to spread via modified Xcode IDE project...

1.1AI score
Exploits0
NVD
NVD
added 2021/04/13 10:15 p.m.18 views

CVE-2021-29370

A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website...

6.1CVSS0.00741EPSS
Exploits0References1
Prion
Prion
added 2021/04/13 10:15 p.m.13 views

Cross site scripting

A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website...

4.3CVSS6AI score0.00741EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/04/13 9:55 p.m.24 views

CVE-2021-29370

A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website...

6.2AI score0.00741EPSS
Exploits0References1
CVE
CVE
added 2021/04/13 9:55 p.m.47 views

CVE-2021-29370

CVE-2021-29370 is a UXSS vulnerability in the Thanos-Soft Cheetah Browser (Android 1.2.0) caused by an inadequate filter of the intent scheme, enabling cross-site scripting on any website. Affected component: the browser’s handling of intents; root cause: insufficient input filtering. Documented ...

6.1CVSS6AI score0.00741EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/01/08 7:15 p.m.23 views

Input validation

Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

4.3CVSS6.5AI score0.00652EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/01/08 5:53 p.m.188 views

CVE-2020-16030

CVE-2020-16030 affects the Blink component in Chromium/Google Chrome prior to 87.0.4280.66. The issue is insufficient data validation in Blink, enabling a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Publicly cited sources in the provided documents confirm C...

6.1CVSS6.4AI score0.00652EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2020/11/18 6:39 p.m.29 views

CVE-2020-16030

Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

6.5CVSS2.5AI score0.00652EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/10/02 4:22 p.m.217 views

Android WebView Universal Cross-site Scripting

A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...

6.5CVSS1.6AI score0.03819EPSS
Exploits0References19Affected Software1
Rows per page
Query Builder