
52 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-2809

Malicious code in bioql PyPI...

6.5 CVSS · 6.5 AI score · 0.00092 EPSS
Exploits: 0 · References: 6
Packet Storm News
added 2025/07/18 12:0 a.m. · 2 views

Developers Insight on Manifest V3 Privacy and Security Webextensions

Webextensions can improve web browser privacy, security, and user experience. The APIs offered by the browser to webextensions affect possible functionality. Currently, Chrome transitions to a modified set of APIs called Manifest v3. This paper studies the challenges and opportunities of Manifest...

6.8 AI score
Exploits: 0
RedhatCVE
added 2025/05/21 9:16 p.m. · 6 views

CVE-2009-3195

Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php...

4.3 CVSS · 6 AI score · 0.02082 EPSS
Exploits: 1 · References: 1
The Hacker News
added 2024/10/30 1:5 p.m. · 16 views

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs. The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and accou...

7 AI score
Exploits: 0
OSV
added 2024/04/30 8:15 p.m. · 3 views

CVE-2024-29384

An issue in CSS Exfil Protection v.1.1.0 allows a remote attacker to obtain sensitive information via the content.js and parseCSSRules functions...

7.5 CVSS · 5.8 AI score · 0.00351 EPSS
Exploits: 1 · References: 2
Github Security Blog
added 2023/10/19 3:31 p.m. · 64 views

React Developer Tools extension Improper Authorization vulnerability

The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5 CVSS · 6.9 AI score · 0.00092 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
NVD
added 2023/10/19 3:15 p.m. · 10 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5 CVSS · 6.5 AI score · 0.00092 EPSS
Exploits: 0 · References: 1
OSV
added 2023/10/19 3:15 p.m. · 1 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Prion
added 2023/10/19 3:15 p.m. · 13 views

Input validation

The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.4 CVSS · 6.5 AI score · 0.00092 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/10/19 2:28 p.m. · 20 views

CVE-2023-5654

The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the browser. Within the listener is code that requests a URL derived from the received message via fetch. The URL is not...

6.5 CVSS · 6.7 AI score · 0.00092 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2023/10/19 12:0 a.m. · 3 views

PT-2023-32240 · Facebook · React Developer Tools

Name of the Vulnerable Software and Affected Versions: React Developer Tools extension (affected versions not specified). Description: The React Developer Tools extension has a message listener registered with window.addEventListener('message', <listener>) in a content script accessible to any active webpage in...

6.9 CVSS · 7 AI score · 0.00092 EPSS
Exploits: 0 · References: 10
GithubExploit
added 2023/09/12 2:7 p.m. · 339 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 Exploit - Bait and Switch Archive Generator...

7.8 CVSS · 6.9 AI score · 0.93865 EPSS
Exploits: 49
BDU FSTEC
added 2022/10/03 12:0 a.m. · 1 views

The vulnerability of the “id” parameter in the “content.php” script of the Webexcels Ecommerce CMS allows a hacker to execute XSS attacks.

The vulnerability of the “id” parameter in the “content.php” script of the Webexcels Ecommerce CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

10 CVSS · 7.9 AI score · 0.01137 EPSS
Exploits: 1 · References: 4 · Affected Software: 1
NVD
added 2022/03/17 6:15 a.m. · 9 views

CVE-2022-24074

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises...

9.8 CVSS · 0.00504 EPSS
Exploits: 0 · References: 1
OSV
added 2022/03/17 6:15 a.m. · 2 views

CVE-2022-24074

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises...

9.8 CVSS · 7.3 AI score · 0.00504 EPSS
Exploits: 0 · References: 1
ATTACKERKB
added 2022/03/17 6:15 a.m. · 3 views

CVE-2022-24074

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises...

9.8 CVSS · 5.4 AI score · 0.00504 EPSS
Exploits: 0 · References: 2
Prion
added 2022/03/17 6:15 a.m. · 21 views

Default credentials

Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises...

7.5 CVSS · 9.2 AI score · 0.00504 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CVE
added 2022/03/17 5:20 a.m. · 82 views

CVE-2022-24074

CVE-2022-24074 affects Whale Browser prior to 3.12.129.18, where the default extension Whale Bridge could receive any SendMessage request from the content script itself. This could allow an attacker to control Whale Bridge if the rendering process is compromised. The reported remediation is to up...

9.8 CVSS · 9.1 AI score · 0.00504 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2022/03/17 12:0 a.m. · 1 views

Naver Whale Browser security vulnerability

Naver Whale Browser is a web browser from the Korean company Naver that supports user-defined interfaces. A security vulnerability previously existed in Naver Whale Browser 3.12.129.18, which stemmed from a default extension in Whale Browser that allowed receiving any SendMessage request from the...

9.8 CVSS · 8.4 AI score · 0.00504 EPSS
Exploits: 0 · References: 2
Positive Technologies
added 2022/03/17 12:0 a.m. · 2 views

PT-2022-16453 · Unknown · Whale Bridge +1

Name of the Vulnerable Software and Affected Versions: Whale browser versions prior to 3.12.129.18. Description: The issue allows Whale Bridge, a default extension in Whale browser, to receive any SendMessage request from the content script itself. This could lead to controlling Whale Bridge if th...

9.8 CVSS · 9.3 AI score · 0.00504 EPSS
Exploits: 0 · References: 4