Lucene search
+L

114 matches found

github
github
added 2018/01/04 9:4 p.m.19 views

Marked vulnerable to XSS from data URIs

marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser...

6.1CVSS6.2AI score0.01512EPSS
Exploits1References5Affected Software1
nodejs
nodejs
added 2017/03/08 11:27 p.m.51 views

XSS in Data URI

Overview Affected versions of remarkable are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of data: URIs in links, and can therefore execute javascript. Proof of Concept link Recommendation Update to v1.7.0 or later References - Issue 227 - GitHub Advisory...

4.3CVSS4.7AI score0.00977EPSS
Exploits1Affected Software1
hackerone
hackerone
added 2016/04/15 10:57 a.m.29 views

Uber: XSS in uber oauth

Hi , I have found that when setting a redirecturi for an application you validate for the presence of :// in the beginning of the url , but you don't validate for the protocol and you don't block malicious protocols such as javascript: pseudo protocol and data: URIs. Although the redirecting is...

0.5AI score
Exploits0
opensuse
opensuse
added 2013/01/23 2:4 p.m.67 views

Recommended to 12.10 (important)

Fixed security issues: -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate Cross-Site Scripting; -a high severity issue, a...

0.5AI score
Exploits0References1
openvas
openvas
added 2013/01/07 12:0 a.m.38 views

Opera Multiple Vulnerabilities-03 Jan13 (Windows)

The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln03jan13win.nasl 6093 2017-05-10 09:03:18Z teissa $ Opera Multiple Vulnerabilities-03 Jan13 Windows Authors: Antu Sanadi Copyright: Copyright c 2013 Greenbone Networks GmbH,...

9.3CVSS0.4AI score0.03778EPSS
Exploits0References8
nessus
nessus
added 2012/11/12 12:0 a.m.13 views

Opera < 12.10 Multiple Vulnerabilities

Binary data 800822.prm...

7.3AI score
Exploits0References5
nessus
nessus
added 2012/11/12 12:0 a.m.12 views

Opera < 12.10 Multiple Vulnerabilities

Binary data 6618.prm...

9.3CVSS7.3AI score0.03778EPSS
Exploits0References12
nessus
nessus
added 2012/11/06 12:0 a.m.25 views

Opera < 12.10 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 12.10 and is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to certificate revocation checking that can allow the application to indicate that a site is secure even though the check has...

9.3CVSS6AI score0.03778EPSS
Exploits0References15
opera
opera
added 2012/11/02 12:0 a.m.484 views

Data URIs can be used to facilitate Cross-Site Scripting

Data URIs are only supposed to inherit the scripting origin from the site that creates them, such as by including them as the target of a link or an inline frame in the source of the document. Specific sequences of document and data URI loading can cause Opera to forget which document created the...

1.3AI score
Exploits0Affected Software1
prion
prion
added 2011/07/01 10:55 a.m.11 views

Cross site scripting

Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted web site...

4.3CVSS5.9AI score0.01633EPSS
Exploits0References8Affected Software1
nessus
nessus
added 2011/06/30 12:0 a.m.35 views

Opera < 11.50 Multiple Vulnerabilities

The version of Opera installed on the remote Windows host is earlier than 11.50 and thus potentially affected by multiple vulnerabilities: - An error exists in the handling of data URIs that allows cross-site scripting in some unspecified cases. Issue 995 - An error exists in the browser's handli...

10CVSS5.7AI score0.02587EPSS
Exploits1References23
nessus
nessus
added 2011/06/29 12:0 a.m.27 views

Opera < 11.50 Multiple Vulnerabilities

Binary data 5971.prm...

10CVSS7.7AI score0.02587EPSS
Exploits1References23
opera
opera
added 2011/06/27 12:0 a.m.486 views

Data URIs may be used to initiate cross site scripting against unrelated sites

Data URIs are supposed to inherit the security context from the page that created them. In some cases, Opera does not enforce this correctly, and will allow unrelated data URIs to interact both with each other, and their source pages. This can be used to enable cross site scripting against the...

1.8AI score
Exploits0Affected Software1
opera
opera
added 2011/06/27 12:0 a.m.9 views

Data URIs may be used to initiate cross site scripting against unrelated sites – Opera Security Advisories

Data URIs are supposed to inherit the security context from the page that created them. In some cases, Opera does not enforce this correctly, and will allow unrelated data URIs to interact both with each other, and their source pages. This can be used to enable cross site scripting against the...

5.2AI score
Exploits0References1
nessus
nessus
added 2010/06/28 12:0 a.m.16 views

FreeBSD : opera -- Data URIs can be used to allow XSS (77b9f9bc-7fdf-11df-8a8d-0008743bf21a)

The Opera Desktop Team reports : Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that di...

5.4AI score
Exploits0References2
opera
opera
added 2010/06/22 12:0 a.m.23 views

Data URIs can be used to allow cross-site scripting

Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be...

1.4AI score
Exploits0Affected Software1
opera
opera
added 2010/06/22 12:0 a.m.10 views

Data URIs can be used to allow cross-site scripting – Opera Security Advisories

Data URIs can be used to allow cross-site scripting – Opera Security Advisories OPCOM Team | June 22, 2010 Severity Highly severe Description Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly...

5.5AI score
Exploits0References1
nessus
nessus
added 2010/06/22 12:0 a.m.22 views

Opera < 10.54 Multiple Vulnerabilities

The version of Opera installed on the remote host is earlier than 10.54. Such versions are potentially affected by the following issues : - Web fonts may be used to trigger a privilege elevation vulnerability in the Windows operating system MS10-032 954 - It may be possible to use data URIs in a...

10CVSS6AI score0.05039EPSS
Exploits0References11
freebsd
freebsd
added 2010/06/21 12:0 a.m.13 views

opera -- Data URIs can be used to allow cross-site scripting

The Opera Desktop Team reports: Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did...

1.1AI score
Exploits0References1
prion
prion
added 2009/12/21 4:30 p.m.25 views

Cross site scripting

TextFilter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting XSS attacks via data:text/html...

4.3CVSS5.2AI score0.0137EPSS
Exploits1References7Affected Software2
Rows per page
Query Builder