CVE-2023-1230

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-1230

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...

Design/Logic Flaw

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-1230

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...

CVE-2023-1230

CVE-2023-1230 concerns an Inappropriate implementation in WebApp Installs in Google Chrome on Android before version 111.0.5563.64. The issue allows an attacker who persuades a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Affected product ...

CVE-2023-1230

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. Chromium security severity: Medium...

Google Chrome 安全漏洞

Google Chrome is a web browser from the American company Google Google. A security vulnerability exists in versions prior to Google Chrome on Android 111.0.5563.64. The vulnerability is exploited by attackers to convince users to install a malicious WebApp, which spoofs the contents of the PWA...

OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information...

GHSA-MJV2-6JV4-VRG7 OpenNMS Meridian and Horizon vulnerable to Cross-site Scripting

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information...

CVE-2023-0867 Multiple stored and reflected Cross-site Scripting in webapp

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session information. Users should upgrade to Meridian 2023.1.0 or newer, or Horizon 31.0.4. Meridian and Horiz...

SUSE CVE-2020-26954

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

SUSE CVE-2021-23976

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on...

SUSE CVE-2021-28163

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that...

SUSE CVE-2021-30622

Chromium: CVE-2021-30622 Use after free in WebApp Installs...

SUSE CVE-2021-37995

Inappropriate implementation in WebApp Installer in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially overlay and spoof the contents of the Omnibox URL bar via a crafted HTML page...

SUSE CVE-2022-1864

Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction...

SUSE CVE-2022-2161

Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions...

CVE-2022-39380 wire-webapp contains Improper Handling of Exceptional Conditions leading to a DoS via Markdown Rendering

Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it...

Textpattern 4.8.8 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Textpattern 4.8.8 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://textpattern.com/ Version : 4.8.8 Tested on: windows 11 xammp | Kali linux Category: WebApp Google Dork: intext:"Published with Textpattern...

Nextcloud: Ability to control the filename when uploading a logo or favicon on theming

A vulnerability existed in Nextcloud that allowed an attacker to control the filename of a logo or favicon when uploading it, by modifying the key. This could result in the attacker uploading any files directly in the webapp and path disclosure. The vulnerability has been fixed...