96 matches found
ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’
Nearly half of the world’s most popular websites are risky places to visit, according to a fresh analysis of top Alexa sites. Vulnerable code, the running of active content from risky background sites, and large amounts of code downloads marked a good chunk of the top 50 websites used in all of t...
Microsoft Edge CVE-2018-8388 Spoofing Vulnerability
Description Microsoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Edge...
Security Bulletin: A Vulnerabilitiy in IBM ACF(Active Content Filter) affects IBM Cúram(CVE-2015-1917)
Summary IBM Cúram is shipped with IBM Active Content Filtering which is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser...
Microsoft Internet Explorer CVE-2018-8126 Security Bypass Vulnerability
Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Internet Explorer 11 is vulnerable. Technologies...
Microsoft ASP.NET Core CVE-2017-11879 Open Redirection Vulnerability
Description Microsoft ASP.NET Core is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be...
Microsoft Word 2007 (x86) - Information Disclosure
Microsoft Word 2007 x86 - Information Disclosure Title: MS Office Word Information Disclosure Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits x86 Tested on: Windows...
Cross-Site Scripting (XSS)
Response-batch is vulenrable to cross-site scripting XSS attacks. The JSONP endpoints are vulnerable to active content injection...
Microsoft Edge and Internet Explorer CVE-2017-8592 Security Bypass Vulnerability
Description Microsoft Edge and Internet Explorer are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions. This may lead to other attacks. Technologies Affected Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explore...
Cross-Site Scripting (XSS)
OWASP AntiSamy is vulnerable to cross-site scripting XSS attacks. A malicious user can pass a string to the application through a tag that supports style with active content to execute arbitrary code...
Microsoft SharePoint CVE-2016-0039 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to inject any web or HTML code.
The vulnerability of the Active Content Filtering component in the IBM WebSphere Portal user interface exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially...
CVE-2015-1917
Cross-site scripting XSS vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or...
Cross site scripting
Cross-site scripting XSS vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or...
CVE-2015-1917
Cross-site scripting XSS vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or...
IBM WebSphere Portal Active Content Filtering XSS (PI38732)
The version of IBM WebSphere Portal installed on the remote Windows host is affected by a cross-site scripting vulnerability in the Active Content Filtering component due to improperly validating user-supplied input. A remote attacker can exploit this by creating a specially crafted URL designed ...
HackerOne: CSV Injection with the CVS export feature
The "Download as a CSV" feature of HackerOne does not properly "escape" fields. This allows an adversary to turn a field into active content so when a response team download the csv and opens it, the active content gets executed. Here is more information about this issue:...
XSS in JIRA via PDF attachment
PDF attachments are considered active content and can be used to xss users...
XSS in JIRA via PDF attachment
PDF attachments are considered active content and can be used to xss users...
Microsoft SharePoint CVE-2015-1636 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Microsoft Internet Explorer CVE-2014-6345 Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further...