3221 matches found
Apache Cordova Whitelist Bypass Vulnerability
Cordova is to build native mobile applications with HTML, CSS, JavaScript. A security vulnerability exists in Cordova Android 3.7.2 and earlier versions. Because whitelisting restrictions are not properly applied, an attacker can bypass the whitelist and execute arbitrary Javascript using a...
Accentis Content Resource Management System Cross Site Scripting
Vulnerability type: Stored Cross Site Scripting Vendor: http://www.accentis.com.au/ Product: Accentis Content Resource Management System Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-3425 PROOF OF CONCEPT XSS Accentis Content Resource Management System before October 2015 pat...
CVE-2002-1649
Cross-site scripting XSS vulnerability in readbody.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag...
WordPress iThemes Security Plugin <= 4.6.12 - Stored XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
Arbitrary JavaScript Execution
Overview A vulnerability exists in bassmaster = 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation Update to bassmaster version 1.5.2 or greater. References - Commit b751602 - GitHub Advisory...
PYSEC-2015-25
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types...
Watu PRO Play 1.9.2.1 Cross Site Scripting
Details ================ Software: Watu PRO Play Version: 1.9.2.1 Homepage: http://calendarscripts.info/watupro/modules.htmlplay Advisory report: https://security.dxw.com/advisories/stored-xss-in-watu-pro-play-allows-unauthenticated-attacker-to-do-almost-anything-an-admin-can/ CVE: Awaiting...
Vulnerabilities Identified in Several WordPress Plugins
Researchers have identified a handful of vulnerabilities present in three different plugins used by the content management system WordPress. The issues, most of which are cross-site scripting XSS vulnerabilities, could give some users administrative privileges, warns dxw Security, a British firm...
Google Analytics By Yoast Premium 5.4.4 Cross Site Scripting
Details ================ Software: Google Analytics by Yoast Premium Version: 5.4.4 Homepage: https://yoast.com/wordpress/plugins/google-analytics/ Advisory report: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/ CVE: Awaiting assignment CVSS: 5.5...
NetCracker Resource Management 8.0 - XSS Vulnerability
Vulnerability type: Cross-site Scripting Vendor: http://www.netcracker.com/ Product: NetCracker Resource Management System Affected version: = 8.0 Patched version: 8.2 Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-2207 PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerabili...
CVE-2015-5379: Axigen XSS vulnerability for html attachments
CVEID: CVE-2015-5379 SUBJECT: Axigen XSS vulnerability for html attachments DESCRIPTION: Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expo...
CVE-2015-2727
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...
Adobe Connect 9.3 Cross Site Scripting
Advisory: Adobe Connect Reflected XSS Author: Stas Volfus Bugsec Information Security LTD Vendor URL: http://www.adobe.com/ Status: Vendor Notified ========================== Vulnerability Description ========================== Adobe Connect Central version: 9.3 is vulnerable to Reflected XSS Cro...
WordPress 2 Click Social Media Buttons Plugin <= 0.34 - XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
WordPress Link Library Plugin <= 5.0.8 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Vulnerable parameter "id". Solution Update the plugin...
IBM Websphere Portal - Persistent Cross-Site Scripting
IBM Websphere Portal - Persistent Cross-Site Scripting IBM WebSphere Portal Stored Cross-Site Scripting Vulnerability CVE-2014-0910 + Author: Filippo Roncari + Target: IBM WebSphere Portal + Version: 7.0, 6.1.5, 6.1.0 + Vendor: http://www.ibm.com + Accessibility: Remote + Severity: Medium + CVE:...
Mozilla Firefox-release Security Policy Bypass Vulnerability
Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A security policy bypass vulnerability exists in Mozilla Firefox versions prior to 37.0.1, due to the Reader mode feature in Mozilla Firefox on Android and the desktop Firefox...
Design/Logic Flaw
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...
CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
CVE-2015-0802
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of ...