Lucene search
K

87 matches found

OSV
OSV
added 2018/03/13 3:29 p.m.14 views

CVE-2018-1000088

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...

6.1CVSS6AI score
Exploits0References4
OSV
OSV
added 2018/03/13 3:29 p.m.2 views

DEBIAN-CVE-2018-1000088

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...

6.1CVSS5.4AI score0.01479EPSS
Exploits0References1
Prion
Prion
added 2018/03/13 3:29 p.m.12 views

Cross site scripting

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...

4.3CVSS6AI score0.01479EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2018/03/13 3:29 p.m.18 views

CVE-2018-1000088

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...

6.1CVSS6.8AI score0.01479EPSS
Exploits0References4
OSV
OSV
added 2018/03/13 3:29 p.m.2 views

UBUNTU-CVE-2018-1000088

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...

6.1CVSS6.7AI score0.01479EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2018/03/13 3:0 p.m.16 views

CVE-2018-1000088

Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting XSS vulnerability in web view's OAuth app form, user authorization prompt web view that can result in Stored XSS on the OAuth Client's name will cause users interacting with it will execute payload. This attack appear to be...

6.1CVSS6.2AI score0.01479EPSS
Exploits0
Into the symmetry
Into the symmetry
added 2016/06/20 8:47 a.m.28 views

Native applications with OAuth 2

By Justin Richer and Antonio Sanso This article was excerpted from the book OAuth 2 in Action. The OAuth core specification specifies four different grant types: Authorization Code, Implicit, Resource Owner Password Credentials and Client Credentials. Each grant type is designed with different...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/28 12:0 a.m.40 views

Fedora 22 : webkitgtk4-2.10.9-1.fc22 (2016-68b43a4e0d)

This update together with the previous release brings the following fixes Security fixes: CVE-2016-1726 Limit the number of tiles according to the visible area. This was causing a huge memory consumption with some websites. Fix rendering of form controls and scrollbars with GTK+ = 3.19. Fix HTTP...

9.3CVSS7.8AI score0.04461EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2015/09/16 12:0 a.m.8 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.

The vulnerability of the PrintWebViewHelper class in the components/printing/renderer/printwebviewhelper.cc module of the Google Chrome browser is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause service failures by triggering embedded...

7.5CVSS7.7AI score0.01574EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2015/09/03 10:59 p.m.5 views

UBUNTU-CVE-2015-1295

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...

7.5CVSS7.2AI score0.01574EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/09/03 4:6 p.m.2 views

chromium-browser: Use-after-free in Printing

Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/printwebviewhelper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC...

7.5CVSS7.4AI score0.01574EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Microsoft Windows 98/2000 Explorer Preview Pane Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13248/info Microsoft Windows Explorer is prone to a script injection vulnerability. This occurs when the Windows Explorer preview pane Web View is enabled on Windows 2000 computers. Windows 98/98SE/ME are also affected by...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2009/10/19 12:0 a.m.21 views

Microsoft Windows Web View Script Injection (MS05-024; CVE-2005-1191)

Metadata is a general term for data which is used to describe characteristics of data. It is generally used to provide information such as title, author, modification history, as well as any other relevant characteristics. In Microsoft implementations there are two common approaches to storing fi...

5CVSS7AI score0.19617EPSS
Exploits1
seebug.org
seebug.org
added 2007/10/19 12:0 a.m.23 views

Cisco Unified Communications管理应用程序特权提升漏洞

Cisco Unified Communications Manager(CUCM,之前被称为CallManager)是Cisco IP电话解决方案中的呼叫处理组件。 Cisco Unified Communications管理应用程序包含的基于WEB的工具存在访问验证问题,远程攻击者可以利用漏洞访问设备敏感信息和更改应用程序配置。 Cisco Unified ICME, Unified ICMH, UCCE,...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2007/10/18 12:0 a.m.35 views

Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Unified Communications Web-based Management Vulnerability Document ID: 97836 Advisory ID: cisco-sa-20071017-IPCC http://www.cisco.com/warp/public/707/cisco-sa-20071017-IPCC.shtml Revision 1.0 For Public Release 2007...

0.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/10/10 12:0 a.m.72 views

MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

The remote host is running a version of Windows that contains a flaw in the Windows Explorer WebViewFolderIcon ActiveX control Web View. An attacker may be able to execute arbitrary code on the remote host by constructing a malicious script and enticing a victim to visit a website or view a...

9.3CVSS6.5AI score0.63817EPSS
Exploits9References2
Saint
Saint
added 2006/09/29 12:0 a.m.24 views

Internet Explorer WebViewFolderIcon setSlice integer overflow

Added: 09/29/2006 CVE: CVE-2006-3730 BID: 19030 OSVDB: 27110 Background The WebViewFolderIcon ActiveX control provides support for icons in the Windows Explorer Web view. Problem An integer overflow vulnerability in the setSlice method in the WebViewFolderIcon ActiveX control allows remote comman...

9.3CVSS6.8AI score0.63817EPSS
Exploits9
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.9 views

Cabletron Web View Administrative Access

This host is a Cabletron switch and is running Cabletron WebView. This web software provides a graphical, real-time representation of the front panel on the switch. This graphic, along with additionally defined areas of the browser interface, allow you to interactively configure the switch, monit...

7.2AI score
Exploits0
NVD
NVD
added 2005/10/21 6:2 p.m.22 views

CVE-2005-2117

Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code...

5.1CVSS7.2AI score0.36881EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2005/05/10 12:0 a.m.37 views

MS05-024: Vulnerability in Web View Could Allow Code Execution (894320)

The remote host is running a version of Microsoft Windows that contains a security flaw in the Web View of the Windows Explorer that could allow an attacker to execute arbitrary code on the remote host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and...

5CVSS6.2AI score0.19617EPSS
Exploits1References2
Rows per page
Query Builder