6 matches found
CVE-2012-10032
Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to execute arbitrary JavaScript in a privileged context. This flaw enables modification of browser...
CVE-2020-25207
JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler...
PT-2024-29361 · Unknown · Phpgurukul Tourism Management System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Tourism Management System version 2.0
Description: A reflected cross-site scripting issue allows attackers to execute arbitrary code in the context of a user's browser by injecting a crafted payload into the uname parameter...
CVE-2023-35174 Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a livebook:// link from a browser which opens Livebook Desktop and triggers arbitrary code execution on the victim's machine. Any user using Livebook Desktop on Windows is...
CVE-2023-27472
quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...
Remote Code Execution via In-Browser Editing - CVE-2018-5225
An authenticated user of Bitbucket Server could gain remote code execution using the in-browser editing feature via editing a symbolic link within a repository. Affected versions: All versions of Bitbucket Server before 5.4.8 (the fixed version for 4.13.0 through to 5.4.7), 5.5.0 before 5.5.8 (the...