Lucene search
K

196 matches found

OSV
OSV
added 2025/03/04 2:15 p.m.18 views

CVE-2025-1935

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability affects Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

4.3CVSS5.7AI score
Exploits0References6
CVE
CVE
added 2025/03/04 1:31 p.m.142 views

CVE-2025-1935

CVE-2025-1935 is described in connected advisories as a UI/protocol-handler spoof affecting Firefox and Thunderbird before versions 136 (Firefox) / 128.8 (Firefox ESR) and before 136 (Thunderbird) / 128.8 (Thunderbird). The issue allows a malicious web page to coax a user into setting that site a...

4.3CVSS6.6AI score0.00316EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2025/03/04 1:31 p.m.28 views

CVE-2025-1935 Clickjacking the registerProtocolHandler info-bar

A web page could trick a user into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

0.00316EPSS
Exploits0References5
Mozilla
Mozilla
added 2025/03/04 12:0 a.m.19 views

Security Vulnerabilities fixed in Thunderbird 136 — Mozilla

Certain crafted MIME email messages that claimed to contain an encrypted OpenPGP message, which instead contained an OpenPGP signed message, were wrongly shown as being encrypted. When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could hav...

8.8CVSS8.4AI score0.00497EPSS
Exploits0References13Affected Software1
Mozilla
Mozilla
added 2025/03/04 12:0 a.m.35 views

Security Vulnerabilities fixed in Firefox ESR 128.8 — Mozilla

In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. It was possibl...

8.8CVSS7.3AI score0.00497EPSS
Exploits0References10Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/12/16 6:7 a.m.0 views

"Shonen Jump+" App for Android fails to restrict custom URL schemes properly

Overview "Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Toshiki Iwasaki of Mitsui Buss...

3.3CVSS6.7AI score0.00165EPSS
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/12/16 12:0 a.m.10 views

JVN#08430039: "Shonen Jump+" App for Android fails to restrict custom URL schemes properly

"Shonen Jump+" App for Android provided by SHUEISHA INC. provides the function to access a requested URL using Custom URL Scheme. The App does not restrict access to the function properly CWE-939 which may be exploited to direct the App to access any sites. Impact A remote attacker may lead a use...

3.3CVSS7AI score0.00165EPSS
Exploits0
CVE
CVE
added 2024/12/05 2:42 a.m.56 views

CVE-2024-54014

CVE-2024-54014 affects the Skylark App for Android (≤ 6.2.13) and iOS (≤ 6.2.13). The issue is an improper authorization in the handler for the app’s Custom URL Scheme, which could cause the app to load an arbitrary web site via another application on the device. According to the sources, the vul...

3.6CVSS6.6AI score0.0019EPSS
Exploits0References3
NVD
NVD
added 2024/11/19 5:15 p.m.25 views

CVE-2024-51930

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IronFeet Custom URL Shortener custom-url-shorter allows Stored XSS.This issue affects Custom URL Shortener: from n/a through = 0.3.6...

6.5CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/19 4:30 p.m.8 views

CVE-2024-51930 WordPress Custom URL Shortener plugin <= 0.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Jie Wang Custom URL Shortener allows Stored XSS.This issue affects Custom URL Shortener: from n/a through 0.3.6...

6.5CVSS6.7AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2024/11/19 4:30 p.m.51 views

CVE-2024-51930

CVE-2024-51930 affects the WordPress plugin Custom URL Shortener, specifically versions

6.5CVSS7.2AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/19 4:30 p.m.16 views

CVE-2024-51930 WordPress Custom URL Shortener plugin <= 0.3.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in IronFeet Custom URL Shortener custom-url-shorter allows Stored XSS.This issue affects Custom URL Shortener: from n/a through = 0.3.6...

6.5CVSS0.00231EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/19 12:0 a.m.5 views

WordPress plugin Custom URL Shortener 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

6.5CVSS7.7AI score0.00231EPSS
Exploits0References1
NVD
NVD
added 2024/11/11 8:15 p.m.12 views

CVE-2024-51486

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...

8.4CVSS0.00484EPSS
Exploits1References1
OSV
OSV
added 2024/11/11 8:15 p.m.3 views

UBUNTU-CVE-2024-51490

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...

9CVSS5.8AI score0.00499EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2024/11/11 7:44 p.m.18 views

CVE-2024-51486 Stored Cross-Site Scripting in Ampache

Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the "Custom URL - Favicon". This section is not properly sanitized, allowing for the input of strings that can execute JavaScrip...

5.5CVSS7AI score0.00484EPSS
Exploits1References1
CVE
CVE
added 2024/11/11 7:44 p.m.50 views

CVE-2024-51486

Ampache (web-based audio/video streaming app and file manager) has a Stored Cross-Site Scripting vulnerability in the interface menu’s Custom URL - Favicon field. The input is not properly sanitized, allowing JavaScript execution. The issue is mitigated by upgrading to version 7.0.1, which is the...

8.4CVSS6AI score0.00484EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/11 7:35 p.m.12 views

CVE-2024-51490 Stored Cross-Site Scripting in Ampache

Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change "Custom URL - Logo". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. Thi...

5.5CVSS7AI score0.00499EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.5 views

Ampache 跨站脚本漏洞

Ampache is an open source web-based audio/video application and file manager from Ampache. A cross-site scripting vulnerability exists in Ampache version 7.0.1, which originates from a user being able to change the Custom URL - Logo in the interface section of the Ampache menu...

9CVSS5.9AI score0.00499EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/11/11 12:0 a.m.5 views

Ampache 跨站脚本漏洞

Ampache is an open source web-based audio/video application and file manager from Ampache. A cross-site scripting vulnerability exists in Ampache version 7.0.1, which originates from a user being able to change the Custom URL - Favicon in the interface section of the Ampache menu...

8.4CVSS5.9AI score0.00484EPSS
Exploits1References2
Rows per page
Query Builder