3296 matches found
PYSEC-2015-25
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types...
Watu PRO Play 1.9.2.1 Cross Site Scripting
Details ================ Software: Watu PRO Play Version: 1.9.2.1 Homepage: http://calendarscripts.info/watupro/modules.htmlplay Advisory report: https://security.dxw.com/advisories/stored-xss-in-watu-pro-play-allows-unauthenticated-attacker-to-do-almost-anything-an-admin-can/ CVE: Awaiting...
Vulnerabilities Identified in Several WordPress Plugins
Researchers have identified a handful of vulnerabilities present in three different plugins used by the content management system WordPress. The issues, most of which are cross-site scripting XSS vulnerabilities, could give some users administrative privileges, warns dxw Security, a British firm...
Google Analytics By Yoast Premium 5.4.4 Cross Site Scripting
Details ================ Software: Google Analytics by Yoast Premium Version: 5.4.4 Homepage: https://yoast.com/wordpress/plugins/google-analytics/ Advisory report: https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/ CVE: Awaiting assignment CVSS: 5.5...
CVE-2015-5379: Axigen XSS vulnerability for html attachments
CVEID: CVE-2015-5379 SUBJECT: Axigen XSS vulnerability for html attachments DESCRIPTION: Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expo...
NetCracker Resource Management 8.0 - XSS Vulnerability
Vulnerability type: Cross-site Scripting Vendor: http://www.netcracker.com/ Product: NetCracker Resource Management System Affected version: = 8.0 Patched version: 8.2 Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-2207 PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerabili...
CVE-2015-2727
Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...
Adobe Connect 9.3 Cross Site Scripting
Advisory: Adobe Connect Reflected XSS Author: Stas Volfus Bugsec Information Security LTD Vendor URL: http://www.adobe.com/ Status: Vendor Notified ========================== Vulnerability Description ========================== Adobe Connect Central version: 9.3 is vulnerable to Reflected XSS Cro...
WordPress Link Library Plugin <= 5.0.8 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Vulnerable parameter "id". Solution Update the plugin...
WordPress 2 Click Social Media Buttons Plugin <= 0.34 - XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
IBM Websphere Portal - Persistent Cross-Site Scripting
IBM Websphere Portal - Persistent Cross-Site Scripting IBM WebSphere Portal Stored Cross-Site Scripting Vulnerability CVE-2014-0910 + Author: Filippo Roncari + Target: IBM WebSphere Portal + Version: 7.0, 6.1.5, 6.1.0 + Vendor: http://www.ibm.com + Accessibility: Remote + Severity: Medium + CVE:...
Mozilla Firefox-release Security Policy Bypass Vulnerability
Mozilla Firefox is a web browser developed by the Mozilla Foundation in conjunction with the open source community. A security policy bypass vulnerability exists in Mozilla Firefox versions prior to 37.0.1, due to the Reader mode feature in Mozilla Firefox on Android and the desktop Firefox...
Design/Logic Flaw
The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...
CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818...
CVE-2015-0802
Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of ...
CVE-2015-0818
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...
Symantec NetBackup OpsCenter Arbitrary Code Execution Vulnerability
Symantec NetBackup OpsCenter is a unified data protection management software from Symantec Symantec. The software allows centralized monitoring and reporting of the operational status of heterogeneous data protection environments through a console. A security vulnerability exists in Symantec...
Cross-Site Scripting (XSS)
CKEditor is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
WordPress Geo Mashup 1.8.2 Cross Site Scripting
Vulnerability title: Wordpress Geo Mashup plugin XSS Author: Paolo Perego CVE: CVE-2015-1383 Affected versions: = 1.8.2 Fixed version: 1.8.3 January, 11 2015 Product link: https://wordpress.org/plugins/geo-mashup/ Description Geo Mashup is a wordpress plugin designed to let you save location...
Design/Logic Flaw
The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...