Lucene search

1057 matches found

Prion
added 2016/12/18 3:59 a.m. | 21 views

Input validation

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation confli...

CVSS 4.3 | AI score 6.8 | EPSS 0.0174
Exploits 0 | References 6 | Affected Software 1

Prion
added 2016/12/18 3:59 a.m. | 21 views

Design/Logic Flaw

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages...

CVSS 4.3 | AI score 6.3 | EPSS 0.01789
Exploits 0 | References 6 | Affected Software 1

NVD
added 2016/12/18 3:59 a.m. | 14 views

CVE-2016-5181

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages...

CVSS 6.1 | AI score 6 | EPSS 0.01789
Exploits 0 | References 6

UbuntuCve
added 2016/12/06 12:0 a.m. | 22 views

CVE-2016-5208

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

CVSS 6.1 | AI score 6.9 | EPSS 0.01085
Exploits 1 | References 3

ATTACKERKB
added 2016/12/01 11:59 a.m. | 1 views

CVE-2016-2955

Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 5.4 | AI score 5.7 | EPSS 0.00642
Exploits 0 | References 3

OSV
added 2016/11/25 3:59 a.m. | 4 views

CVE-2016-5955

Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS 5.4 | AI score 5.9 | EPSS 0.00802
Exploits 0 | References 2

Japan Vulnerability Notes
added 2016/11/11 5:45 a.m. | 3 views

Multiple Corega wireless LAN routers vulnerable to cross-site scripting

Overview: Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79). Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

CVSS 6.1 | AI score 6.2 | EPSS 0.01195
Exploits 0 | References 5

CNVD
added 2016/10/20 12:0 a.m. | 2 views

Pagure Cross-Site Scripting Vulnerability

Pagure is a Git repository using Python to provide Web services. A cross-site scripting vulnerability exists in Pagure version 2.2.1, which can be exploited by remote attackers to inject arbitrary web script or HTML...

CVSS 6.1 | AI score 6.2 | EPSS 0.00667
Exploits 0 | References 1

UbuntuCve
added 2016/10/17 12:0 a.m. | 27 views

CVE-2016-5181

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages...

CVSS 6.1 | AI score 7.1 | EPSS 0.01789
Exploits 0 | References 2

CNVD
added 2016/10/13 12:0 a.m. | 1 views

Wordpress pondol-carousel plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports the hosting of personal blog sites on servers running PHP and MySQL. pondol-carousel is one of the plugins used to create a folder. A cross-site scripting vulnerability...

CVSS 6.1 | AI score 6 | EPSS 0.02177
Exploits 1 | References 1

Openbugbounty
added 2016/09/14 3:23 p.m. | 11 views

soblacktie.com XSS vulnerability

Vulnerable URL: http://www.soblacktie.com/apps/search?s=%3C%2Ftitle%3E%3Cscript%3Ealert%27OPENBUGBOUNTY%27%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2488837 VIP...

AI score 6.3
Exploits 0

CNVD
added 2016/08/29 12:0 a.m. | 1 views

PHPVibe Stored Cross-Site Scripting Vulnerability

PHPVibe is a video sharing content management system (CMS). The system can be used to create video sharing websites. A stored cross-site scripting vulnerability exists in PHPVibe versions prior to 4.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CVSS 5.4 | AI score 6 | EPSS 0.01864
Exploits 1 | References 1

CNVD
added 2016/08/27 12:0 a.m. | 4 views

Accellion Kiteworks Cross-Site Scripting Vulnerability

Accellion Kiteworks is the leading private cloud platform for secure content. A cross-site scripting vulnerability exists in versions of Accellion Kiteworks prior to 2016.03.00 due to the program failing to properly filter user-supplied parameters. Allowing an attacker to exploit the vulnerabilit...

CVSS 6.1 | AI score 6.8 | EPSS 0.00896
Exploits 0 | References 1

CNVD
added 2016/07/19 12:0 a.m. | 2 views

Accela Civic Platform Citizen Access portal cross-site scripting vulnerability

Accela Civic Platform Citizen Access portal is a web portal for citizens and government to connect and interact. Cross-site scripting vulnerabilities exist in the Accela Civic Platform Citizen Access portal. These vulnerabilities can be exploited by an attacker to steal cookie-based authenticatio...

CVSS 6.1 | AI score 7.1 | EPSS 0.01664
Exploits 0 | References 1

BDU FSTEC
added 2016/07/05 12:0 a.m. | 3 views

The vulnerability of the Oracle Fusion Middleware software platform allows a malicious actor to execute arbitrary scripts outside of the application’s catalog.

A vulnerability in the Oracle Fusion Middleware software exists due to an error that occurs when processing a unified resource identifier called Request-URI. Exploiting this vulnerability allows a malicious individual to access arbitrary scripts outside of the application’s catalog, using...

CVSS 4.3 | AI score 5.5 | EPSS 0.01036
Exploits 0 | References 4 | Affected Software 1

Check Point Advisories
added 2016/07/04 12:0 a.m. | 0 views

ESF pfSense squid_clwarn.php Cross Site Scripting

A cross-site scripting vulnerability has been reported in the squid package of Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the url, source, user and virus variables in the squid_clwarn.php page. By convincing a user to visit a malicious website, a...

AI score 1.8
Exploits 0

CNVD
added 2016/06/28 12:0 a.m. | 3 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2016-04366)

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. A cross-site scripting vulnerability exists in WordPress 4.5.2 and earlier versions, which can be exploited by an attacker to inject arbitrary web script or HTML with the help of an...

CVSS 6.1 | AI score 5.8 | EPSS 0.02051
Exploits 0 | References 1

Check Point Advisories
added 2016/06/16 12:0 a.m. | 4 views

Apache Jetspeed PageManagementService Cross-Site Scripting (CVE-2016-0711)

A cross-site scripting vulnerability exists in Apache Jetspeed. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation allows the attacker to store arbitrary scripts on the vulnerable server and have them executed in the user's browser...

CVSS 4.3 | AI score 6.3 | EPSS 0.03065
Exploits 1

Check Point Advisories
added 2016/06/16 12:0 a.m. | 3 views

Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)

A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...

CVSS 4.3 | AI score 6.4 | EPSS 0.03203
Exploits 1

ThreatPost
added 2016/05/03 11:36 a.m. | 11 views

FreedomPop Account Hijacking Flaws Remain Unpatched

It took close to two months, but free wireless and mobile provider FreedomPop has acknowledged reports of a serious vulnerability in its service. U.K.-based researcher Paul Moore told Threatpost that FreedomPop, which has been operating in the U.K. since last September, finally responded to a bug...

AI score 8.3
Exploits 0 | References 1