15 matches found
GHSA-J739-GW6Q-F4C7 HTML Injection in Froxlor
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags. Note: Froxlor version 0.10.22 introduces AntiXSS cross-site scripting protectio...
HTML Injection in Froxlor
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags. Note: Froxlor version 0.10.22 introduces AntiXSS cross-site scripting protectio...
Cross-Site Scripting (XSS)
antixss is vulnerable to cross-site scripting (XSS). The library does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input...
Microsoft AntiXSS Library Bypass Information Disclosure (MS12-007) - Ver2 (CVE-2012-0007)
An information disclosure vulnerability has been reported in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library. The vulnerability is due to the way the AntiXSS Library incorrectly evaluates certain characters after a CSS escaped character is detected. A remote attacker may exploit this issu...
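Google Chrome Cross-Site Scripting Filter Security Bypass Vulnerability
BUGTRAQ ID: 57474 Google Chrome is a simple, efficient web browsing tool developed by Google. Google Chrome has a security bypass vulnerability; an attacker can exploit this vulnerability to bypass the local cross-site scripting filter AntiXSS, execute arbitrary script code and steal cookie authentication credentials. 0 Google Chrome 24 Vendor patch: Google ------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.google.com...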
Microsoft AntiXSS library cross-site scripting
Cross-site scripting during HTML parsing...
Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
This host is missing an important security update according to Microsoft Bulletin MS12-007. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
This host is missing an important security update according to Microsoft Bulletin MS12-007. OpenVAS Vulnerability Test $Id: secpodms12-007.nasl 5366 2017-02-20 13:55:38Z cfi $ Microsoft AntiXSS Library Information Disclosure Vulnerability 2607664 Authors: Madhuri D Copyright: Copyright c 2012...
CVE-2012-0007
CVE-2012-0007 refers to a vulnerability in Microsoft AntiXSS Library (versions 3.x and 4.0) where characters after a CSS-escaped sequence are not evaluated correctly, allowing remote XSS via HTML input. Root cause: improper handling in the AntiXSS sanitization process after CSS escapes. Affected ...
CVE-2012-0007
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass...
Microsoft AntiXSS 34.0 Library Sanitization Module - Security Bypass
Microsoft AntiXSS 34.0 Library Sanitization Module - Security Bypass source: https://www.securityfocus.com/bid/51291/info Microsoft Anti-Cross Site Scripting (AntiXSS) Library is prone to a security-bypass vulnerability that affects the sanitization module. An attacker can exploit this vulnerabilit...
Microsoft AntiXSS Library Bypass Information Disclosure (MS12-007; CVE-2012-0007)
An information disclosure vulnerability has been reported in the Microsoft Anti-Cross Site Scripting (AntiXSS) Library...
Microsoft AntiXSS Library Sanitization Module Security Bypass Vulnerability
Description: Microsoft Anti-Cross Site Scripting (AntiXSS) Library is prone to a security-bypass vulnerability that affects the sanitization module. An attacker can exploit this vulnerability to bypass the filter and conduct cross-site scripting attacks. Successful exploits may allow attackers to...
Microsoft AntiXSS 3/4.0 Library Sanitization Module - Security Bypass
source: https://www.securityfocus.com/bid/51291/info Microsoft Anti-Cross Site Scripting (AntiXSS) Library is prone to a security-bypass vulnerability that affects the sanitization module. An attacker can exploit this vulnerability to bypass the filter and conduct cross-site scripting attacks...
Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities
Google Docs (HTML code) Multiple Cross Site Scripting Vulnerabilities I. Background: Google Docs is an online application which makes it possible to "Create and share your work online". You can use it to create Documents, Presentations, Spreadsheets and Forms. II. Description: Multiple cross site...