115 matches found
CVE-2023-6512
The CVE-2023-6512 issue affects Google Chrome’s Web Browser UI, where an inappropriate implementation in the UI could allow a remote attacker to spoof the contents of an iframe dialog context menu via a crafted HTML page. Affected product/versions include Chrome prior to 120.0.6099.62. The underl...
CVE-2023-6512
Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. Chromium security severity: Low...
OPENSUSE-SU-2023:0353-1 Security update for opera
This update for opera fixes the following issues: - Update to 104.0.4944.36 CHR-9492 Update Chromium on desktop-stable-118-4944 to 118.0.5993.118 DNA-112757 Tab close button Close button is cut off when a lot of tabs are opened - The update to chromium 118.0.5993.118 fixes the following issues:...
Aures Booking & POS Terminal - Local Privilege Escalation Vulnerability
Exploit Title: Aures Booking & POS Terminal - Local Privilege Escalation | Common Vulnerability Scoring System: 7.2 | Vulnerability Class: Privilege Escalation | Current Estimated Price: 3.000€ - 4.000€ | Product & Service...
Aures Booking & POS Terminal - Local Privilege Escalation
Exploit Title: Aures Booking & POS Terminal - Local Privilege Escalation | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2323 | Release Date: 2023-07-17 | Vulnerability Laboratory ID (VL-ID): 2323 | Common...
Aures Booking And POS Terminal Local Privilege Escalation
Document Title: Aures Booking & POS Terminal - Local Privilege Escalation | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2323 | Release Date: 2023-07-17 | Vulnerability Laboratory ID (VL-ID):...
PT-2023-7510 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.62 Description: The issue is related to an inappropriate implementation in the Web Browser UI, allowing a remote attacker to potentially spoof the contents of an iframe dialog context menu via a...
GHSA-98FP-R22G-WPJ7 Jenkins CSRF protection bypass vulnerability
Jenkins provides context menus for various UI elements, like links to jobs and builds, or breadcrumbs. In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided value...
CVE-2023-35141
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
Code injection
In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a victim may be tricked into sending a POST request to an unexpected endpoint by opening a context...
PT-2023-25161 · Jenkins · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.399 and earlier, LTS versions 2.387.3 and earlier Description: The issue arises when POST requests are sent to load the list of context actions. If part of the URL includes insufficiently escaped user-provided values, a...
Persistence – Context Menu
The context menu provides shortcuts to the user in order to perform a number of actions. The context menu is invoked with a right mouse click…
SUSE CVE-2012-1966
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL...
SUSE CVE-2012-4515
Use-after-free vulnerability in khtml/rendering/renderreplaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated...
SUSE CVE-2015-2711
Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a UR...