5744 matches found
localprjet.com Cross Site Scripting vulnerability OBB-1255790
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
chromium-browser: Use after free in CSS
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Denial Of Service (DoS)
firefox is vulnerable to denial of service. When specifying a custom cursor using CSS in an endless loop, the user interface will be perceived to be in a broken state...
CSS Injection
Overview chartkick is a Ruby gem that allows creation of JavaScript charts. Affected versions of this package are vulnerable to CSS Injection. Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...
CSS Injection
chartkick is vulnerable to CSS injection. A remote attacker is able to inject arbitrary CSS without attributes...
VulnCheck KEV: CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work...
CVE-2020-16254
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute)...
CVE-2020-16254
The CVE-2020-16254 entry concerns the Chartkick gem for Ruby, affecting versions up to 3.3.2. The vulnerability is described as CSS Injection (without attribute), with the root cause identified as a CSS injection issue in Chartkick. The provided connected documents consistently reference the same...
CSS injection with width and height options
Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...
CVE-2020-11583
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter...
CVE-2020-11583
CVE-2020-11583 affects Plesk Obsidian 18.0.17 with a GET-based reflected XSS. The vulnerability allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. The available connected documents corroborate a client-side data handling flaw in the Plesk Obsidia...
CVE-2020-15654
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. Thi...
CVE-2020-6539
Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Stable Channel Update for Desktop
The stable channel has been updated to 84.0.4147.105 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The...
KLA11917 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in WebUSB can be exploited to cause denial of service. 2. Heap...
chromium -- multiple vulnerabilities
Chrome Releases reports: This update contains 8 security fixes, including: 1105318 High CVE-2020-6537: Type Confusion in V8. Reported by Alphalaab on 2020-07-14 1096677 High CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang@Rudykewang and Aryb1n@aryb1n of Tencent...