437 matches found
Mozilla: CSS and HTML injection through Style Inspector (MFSA 2012-104)
The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets CSS token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via ...
MediaWiki 1.16.3之前版本存在多个远程漏洞
Bugtraq ID: 47354 MediaWiki是一套以GPL授权发行的Wiki引擎。 MediaWiki存在多个安全漏洞,允许恶意用户进行跨站脚本攻击和绕过部分安全限制。 -应用程序不正确防止部分浏览器如Internet Explorer 6基于查询URL结尾来猜测内容类型,可被利用注入和执行HTML,在目标用户浏览器上执行任意脚本代码。 -通过CSS评注传递的输入在显示给用户之前,wikitext解析器没有对其进行过滤,可被利用注入和执行HTML,在目标用户浏览器上执行任意脚本代码。 -transwiki导入功能没有正确限制表单发送访问,可被利用执行未授权远程资源导入。...
Design/Logic Flaw
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets CSS token sequences via a crafted web site...
CVE-2011-0161
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets CSS token sequences via a crafted web site...
UBUNTU-CVE-2011-0161
WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does not properly handle the Attr.style accessor, which allows remote attackers to bypass the Same Origin Policy and inject Cascading Style Sheets CSS token sequences via a crafted web site...
CVE-2011-0161
CVE-2011-0161 affects WebKit as used in Apple Safari before 5.0.4 and iOS before 4.3. The vulnerability arises from how the Attr.style accessor is handled, allowing remote attackers to bypass the Same Origin Policy and inject CSS token sequences via a crafted website. The described impact is that...
FreeBSD : mediawiki -- multiple vulnerabilities (8d04cfbd-344d-11e0-8669-0025222482c5)
Medawiki reports : An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in '.php' which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite...
DEBIAN-CVE-2011-0047
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets CSS comments, aka "CSS injection vulnerability."...
CVE-2011-0047
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets CSS comments, aka "CSS injection vulnerability."...
CVE-2011-0047
CVE-2011-0047 is a cross-site scripting (XSS) vulnerability in MediaWiki prior to 1.16.2, exploitable by remote attackers via crafted CSS comments to inject script/HTML. Affected component: MediaWiki core; root cause: improper handling of CSS comment content leading to HTML/JS injection; impact: ...
mediawiki -- multiple vulnerabilities
Medawiki reports: An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite...
CVE-2010-1647
Cross-site scripting XSS vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets CSS strings that are processed as script by Internet Explorer...
[Onapsis Security Advisory 2010-003] SAP WebDynpro Runtime XSS/CSS Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2010-00: SAP WebDynpro Runtime XSS/CSS Injection This advisory can be downloaded from http://www.onapsis.com/research.html. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...
Use CSS hung it using the method!- Vulnerability warning-the black bar safety net
Inserted into the css or the head of the style can be... If the plug portion of the style in this writing style type="text/css" !-- body background-image: url'javascript:document. write"script src=aa. js/script"' -- /style Call the aa. js content document. write"iframe src=http://www. winshell. c...
CVE-2005-2401
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets CSS via the BBCode color tag...
CVE-2005-2401
PHP-Fusion is affected by CVE-2005-2401: remote attackers can inject arbitrary CSS through the BBCode color tag in posts. The related Nessus plugin and CVE records indicate this affects PHP-Fusion builds around the 6.0x line (e.g.,
LiveJournal 1.1 - CSS HTML Injection
LiveJournal 1.1 - CSS HTML Injection source: https://www.securityfocus.com/bid/9727/info LiveJournal is reportedly prone to HTML injection via Cascading Style Sheet CSS tags. It is possible to inject hostile HTML and script code into journal entries through this vulnerability. This could...