CVE-2016-6316
It was discovered that Action View tag helpers did not escape quotes when using strings declared as HTML safe as attribute values. A remote attacker could use this flaw to conduct a cross-site scripting (XSS) attack...
Rails 4 -- Possible XSS Vulnerability in Action View
Ruby Security team reports: There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. This vulnerability has been assigned the CVE identifier CVE-2016-6316...
Possible XSS Vulnerability in Action View
There is a possible XSS vulnerability in Action View. Text declared as "HTML safe" will not have quotes escaped when used as attribute values in tag helpers. Impact: Text declared as "HTML safe" when passed as an attribute value to a tag helper will not have quotes escaped which can lead to...
Mozilla Firefox and Firefox ESR Cross-Site Scripting Vulnerability
Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. Mozilla Firefox and Firefox ESR fail to properly handle the JavaScript event-handler attribute in the MARQUEE element, allowing remote attackers to exploit the vulnerability to build malicious web...
Algolia: Stored XSS from Display Settings triggered on Save and viewing realtime search demo
Here are the steps to trigger the XSS: 1. Create a JSON record that will contain the following attribute: "": "XSS attribute" 2. Go to Indices - Display and select the attribute under Attributes for Faceting and click save. 3. Note that XSS is triggered multiple times on that page. 4. XSS is now...
CVE-2016-5127
Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascadin...
phpMyAdmin Injection Attack Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 4.6.3...
Linux kernel vulnerability allowing a local user to cause a denial of service
A vulnerability in the Linux kernel allows a local user to trigger a system panic by using specially crafted BPF instructions. The BPF_S_ANC_NLATTR and BPF_S_ANC_NLATTR_NEST instructions cause an error in the sk_run_filter function from net/core/filter.c...
Google Chrome vulnerability allowing an attacker to cause a denial of service
The Google Chrome browser contains a use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the Blink bindings used by Google Chrome. Exploiting this vulnerability allows malicious actors to cause servic...
CVE-2016-5702
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...
Design/Logic Flaw
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...
CVE-2016-5702
CVE-2016-5702 affects phpMyAdmin 4.6.x prior to 4.6.3. The vulnerability arises when the environment lacks PHP_SELF, enabling cookie-attribute injection via a crafted URI. Affected component is the web management interface; the root cause is missing PHP_SELF handling that allows manipulation of c...
CVE-2016-5837
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors...
CVE-2016-5837
The CVE-2016-5837 issue affects WordPress prior to 4.5.3, where remote attackers could bypass intended access restrictions and remove a category attribute from a post via unspecified vectors. The vulnerability stems from weaknesses described in the WordPress pre-4.5.3 release; no exploitation det...