Lucene search
+L

96 matches found

ThreatPost
ThreatPost
added 2018/08/17 1:46 p.m.16 views

ThreatList: Almost Half of the World’s Top Websites Deemed ‘Risky’

Nearly half of the world’s most popular websites are risky places to visit, according to a fresh analysis of top Alexa sites. Vulnerable code, the running of active content from risky background sites, and large amounts of code downloads marked a good chunk of the top 50 websites used in all of t...

0.5AI score
Exploits0References4
Symantec
Symantec
added 2018/08/14 12:0 a.m.26 views

Microsoft Edge CVE-2018-8388 Spoofing Vulnerability

Description Microsoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Edge...

0.4AI score0.03615EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/07/17 10:38 a.m.22 views

Security Bulletin: A Vulnerabilitiy in IBM ACF(Active Content Filter) affects IBM Cúram(CVE-2015-1917)

Summary IBM Cúram is shipped with IBM Active Content Filtering which is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser...

4.3CVSS0.6AI score0.01805EPSS
Exploits0Affected Software1
Symantec
Symantec
added 2018/05/08 12:0 a.m.25 views

Microsoft Internet Explorer CVE-2018-8126 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Internet Explorer 11 is vulnerable. Technologies...

8.6AI score0.0556EPSS
Exploits0Affected Software1
Symantec
Symantec
added 2017/11/14 12:0 a.m.38 views

Microsoft ASP.NET Core CVE-2017-11879 Open Redirection Vulnerability

Description Microsoft ASP.NET Core is prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be...

4.3CVSS0.09398EPSS
Exploits0
exploitpack
exploitpack
added 2017/09/30 12:0 a.m.23 views

Microsoft Word 2007 (x86) - Information Disclosure

Microsoft Word 2007 x86 - Information Disclosure Title: MS Office Word Information Disclosure Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits x86 Tested on: Windows...

7.2AI score
Exploits0
Veracode
Veracode
added 2017/09/28 9:13 p.m.8 views

Cross-Site Scripting (XSS)

Response-batch is vulenrable to cross-site scripting XSS attacks. The JSONP endpoints are vulnerable to active content injection...

5.8AI score
Exploits0
Symantec
Symantec
added 2017/07/11 12:0 a.m.38 views

Microsoft Edge and Internet Explorer CVE-2017-8592 Security Bypass Vulnerability

Description Microsoft Edge and Internet Explorer are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions. This may lead to other attacks. Technologies Affected Microsoft Edge Microsoft Internet Explorer 10 Microsoft Internet Explore...

4.3CVSS6.8AI score0.08018EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2017/04/18 5:3 a.m.31 views

Cross-Site Scripting (XSS)

OWASP AntiSamy is vulnerable to cross-site scripting XSS attacks. A malicious user can pass a string to the application through a tag that supports style with active content to execute arbitrary code...

6.1CVSS6AI score0.02039EPSS
Exploits0References3Affected Software1
Symantec
Symantec
added 2016/02/09 12:0 a.m.51 views

Microsoft SharePoint CVE-2016-0039 Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

4.3CVSS6.9AI score0.06933EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/08/18 12:0 a.m.6 views

The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to inject any web or HTML code.

The vulnerability of the Active Content Filtering component in the IBM WebSphere Portal user interface exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially...

4.3CVSS6.5AI score0.01805EPSS
Exploits0References3
NVD
NVD
added 2015/07/14 2:59 p.m.26 views

CVE-2015-1917

Cross-site scripting XSS vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or...

4.3CVSS5.4AI score0.01805EPSS
Exploits0References4
Prion
Prion
added 2015/07/14 2:59 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or...

4.3CVSS5.9AI score0.01805EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/07/14 2:0 p.m.31 views

CVE-2015-1917

Cross-site scripting XSS vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or...

5.4AI score0.01805EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/07/07 12:0 a.m.26 views

IBM WebSphere Portal Active Content Filtering XSS (PI38732)

The version of IBM WebSphere Portal installed on the remote Windows host is affected by a cross-site scripting vulnerability in the Active Content Filtering component due to improperly validating user-supplied input. A remote attacker can exploit this by creating a specially crafted URL designed ...

4.3CVSS6.2AI score0.01805EPSS
Exploits0References2
Hacker One
Hacker One
added 2015/06/26 7:53 p.m.87 views

HackerOne: CSV Injection with the CVS export feature

The "Download as a CSV" feature of HackerOne does not properly "escape" fields. This allows an adversary to turn a field into active content so when a response team download the csv and opens it, the active content gets executed. Here is more information about this issue:...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2015/06/03 8:28 a.m.17 views

XSS in JIRA via PDF attachment

PDF attachments are considered active content and can be used to xss users...

3.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2015/06/03 8:28 a.m.15 views

XSS in JIRA via PDF attachment

PDF attachments are considered active content and can be used to xss users...

3.2AI score
Exploits0
Symantec
Symantec
added 2015/03/10 12:0 a.m.39 views

Microsoft SharePoint CVE-2015-1636 Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

3.5CVSS6.3AI score0.06875EPSS
Exploits0References1Affected Software2
Symantec
Symantec
added 2014/11/11 12:0 a.m.26 views

Microsoft Internet Explorer CVE-2014-6345 Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further...

4.3CVSS9.4AI score0.30213EPSS
Exploits0Affected Software2
Rows per page
Query Builder