
3221 matches found

NVD
added 2012/08/29 10:56 a.m. | 17 views

CVE-2012-3965

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...

CVSS 9.3 | AI score 6.9 | EPSS 0.01126
Exploits: 1 | References: 8
Prion
added 2012/08/29 10:56 a.m. | 22 views

Code injection

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...

CVSS 9.3 | AI score 7.5 | EPSS 0.01126
Exploits: 1 | References: 8 | Affected Software: 1
Prion
added 2012/08/29 10:56 a.m. | 18 views

Code injection

The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and...

CVSS 9.3 | AI score 7.5 | EPSS 0.02199
Exploits: 0 | References: 12 | Affected Software: 4
UbuntuCve
added 2012/08/29 12:0 a.m. | 27 views

CVE-2012-3965

Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...

CVSS 9.3 | AI score 7.3 | EPSS 0.01126
Exploits: 1 | References: 2
Exploit DB
added 2012/07/03 12:0 a.m. | 34 views

gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting

Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The vulnerable code is in the Minishop 1.5...

AI score 7.4
Exploits: 0
exploitpack
added 2012/07/03 12:0 a.m. | 17 views

gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting

Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link:...

AI score 6.7
Exploits: 0
Packet Storm
added 2012/07/03 12:0 a.m. | 24 views

gp Easy CMS Minishop 1.5 Cross Site Scripting

Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The vulnerable code is in the Minishop 1.5...

AI score 0.2
Exploits: 0
Packet Storm
added 2012/05/02 12:0 a.m. | 18 views

Websense (Triton 7.6) Stored Cross Site Scripting

======= Summary ======= Name: Websense Triton 7.6 stored XSS in report management UI Release Date: 30 April 2012 Reference: NGS00141 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ======== Discovered: 2 November 2011...

AI score 7.4
Exploits: 0
securityvulns
added 2012/05/01 12:0 a.m. | 58 views

NGS00141 Technical Advisory: Websense Triton 7.6 stored XSS in report management UI

======= Summary ======= Name: Websense Triton 7.6 stored XSS in report management UI Release Date: 30 April 2012 Reference: NGS00141 Discoverer: Ben Williams Vendor: Websense Vendor Reference: Systems Affected: Risk: High Status: Published ======== TimeLine ========...

AI score 6.1
Exploits: 0
Packet Storm
added 2012/04/20 12:0 a.m. | 30 views

Kaseya 6.2.0.0 Cross Site Scripting

Summary The Kaseya version 6.2.0.0 web interface and possibly other versions is vulnerable to Cross-Site Scripting in the "adminName" variable. 2. Description By submitting malicious input such as the following, it is possible to render javascript in the security context of the Kaseya server:...

AI score 7.4
Exploits: 0
Prion
added 2012/03/14 7:55 p.m. | 18 views

Code injection

Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which...

CVSS 6.8 | AI score 7.6 | EPSS 0.02067
Exploits: 1 | References: 36 | Affected Software: 5
The Hacker News
added 2012/03/12 8:38 a.m. | 6 views

XSS Vulnerability discovered on Paypal

XSS Vulnerability discovered on Paypal Vansh and Vaibhuv two Indian Hacker found a XSS vulnerability in world famous site Paypal. Paypal is affected by an XSS vulnerability where it fails to validate input. One can add arbitrary javascript with no need for any filter evasion. This is a serious...

AI score 5.9
Exploits: 0
Packet Storm
added 2012/02/03 12:0 a.m. | 18 views

Project Open Cross Site Scripting

Vulnerability Title: Project Open po - "account-closed.tcl" Reflective Cross Site Scripting Author: Michail Poultsakis Date of Vendor and CERT Contact: 2011.12.08 Publication Date: 2012.02.02 Product Link: http://www.project-open.com Affected Product Version: 3.4.x Project Open po version 3.4.x...

AI score 0.1
Exploits: 0
Prion
added 2011/10/14 10:55 a.m. | 18 views

Directory traversal

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

CVSS 6.8 | AI score 7.2 | EPSS 0.00194
Exploits: 2 | References: 4 | Affected Software: 1
Cvelist
added 2011/10/14 10:0 a.m. | 21 views

CVE-2011-3229

Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...

AI score 6.6 | EPSS 0.00194
Exploits: 2 | References: 4
Packet Storm
added 2011/08/22 12:0 a.m. | 20 views

DragDropCart Cross Site Scripting

Exploit Title: DragDropCart E-Commerce System Stored XSS Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: search.php yaxaluser.php Example: search.php?search= Exploit: "/...

AI score 7.4
Exploits: 0
Prion
added 2011/08/18 6:55 p.m. | 22 views

Code injection

Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...

CVSS 10 | AI score 7.8 | EPSS 0.01538
Exploits: 1 | References: 10 | Affected Software: 3
Prion
added 2011/08/12 6:55 p.m. | 20 views

Cross site scripting

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAXTAB number of tabs to be opened, then loading a URI to the targeted...

CVSS 4.3 | AI score 6.9 | EPSS 0.0492
Exploits: 3 | References: 15 | Affected Software: 1
CVE
added 2011/08/12 6:0 p.m. | 53 views

CVE-2011-2357

CVE-2011-2357 describes a cross-application scripting flaw in Android’s Browser URL loading, enabling a non-privileged app to inject JavaScript into arbitrary domains and break sandboxing. The vulnerability has two exploitation vectors: (1) exhausting MAX_TABS and loading a target URL followed by...

CVSS 4.3 | AI score 6.4 | EPSS 0.0492
Exploits: 3 | References: 15 | Affected Software: 1
Cvelist
added 2011/08/12 6:0 p.m. | 21 views

CVE-2011-2357

Cross-application scripting vulnerability in the Browser URL loading functionality in Android 2.3.4 and 3.1 allows local applications to bypass the sandbox and execute arbitrary Javascript in arbitrary domains by (1) causing the MAXTAB number of tabs to be opened, then loading a URI to the targeted...

AI score 6.4 | EPSS 0.0492
Exploits: 3 | References: 15