114 matches found
Marked vulnerable to XSS from data URIs
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser...
XSS in Data URI
Overview Affected versions of remarkable are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of data: URIs in links, and can therefore execute javascript. Proof of Concept link Recommendation Update to v1.7.0 or later References - Issue 227 - GitHub Advisory...
Uber: XSS in uber oauth
Hi , I have found that when setting a redirecturi for an application you validate for the presence of :// in the beginning of the url , but you don't validate for the protocol and you don't block malicious protocols such as javascript: pseudo protocol and data: URIs. Although the redirecting is...
Recommended to 12.10 (important)
Fixed security issues: -an issue that could cause Opera not to correctly check for certificate revocation; -an issue where CORS requests could incorrectly retrieve contents of cross origin pages; -an issue where data URIs could be used to facilitate Cross-Site Scripting; -a high severity issue, a...
Opera Multiple Vulnerabilities-03 Jan13 (Windows)
The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln03jan13win.nasl 6093 2017-05-10 09:03:18Z teissa $ Opera Multiple Vulnerabilities-03 Jan13 Windows Authors: Antu Sanadi Copyright: Copyright c 2013 Greenbone Networks GmbH,...
Opera < 12.10 Multiple Vulnerabilities
Binary data 800822.prm...
Opera < 12.10 Multiple Vulnerabilities
Binary data 6618.prm...
Opera < 12.10 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 12.10 and is, therefore, reportedly affected by the following vulnerabilities : - An error exists related to certificate revocation checking that can allow the application to indicate that a site is secure even though the check has...
Data URIs can be used to facilitate Cross-Site Scripting
Data URIs are only supposed to inherit the scripting origin from the site that creates them, such as by including them as the target of a link or an inline frame in the source of the document. Specific sequences of document and data URI loading can cause Opera to forget which document created the...
Cross site scripting
Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting XSS attacks via a crafted web site...
Opera < 11.50 Multiple Vulnerabilities
The version of Opera installed on the remote Windows host is earlier than 11.50 and thus potentially affected by multiple vulnerabilities: - An error exists in the handling of data URIs that allows cross-site scripting in some unspecified cases. Issue 995 - An error exists in the browser's handli...
Opera < 11.50 Multiple Vulnerabilities
Binary data 5971.prm...
Data URIs may be used to initiate cross site scripting against unrelated sites
Data URIs are supposed to inherit the security context from the page that created them. In some cases, Opera does not enforce this correctly, and will allow unrelated data URIs to interact both with each other, and their source pages. This can be used to enable cross site scripting against the...
Data URIs may be used to initiate cross site scripting against unrelated sites – Opera Security Advisories
Data URIs are supposed to inherit the security context from the page that created them. In some cases, Opera does not enforce this correctly, and will allow unrelated data URIs to interact both with each other, and their source pages. This can be used to enable cross site scripting against the...
FreeBSD : opera -- Data URIs can be used to allow XSS (77b9f9bc-7fdf-11df-8a8d-0008743bf21a)
The Opera Desktop Team reports : Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that di...
Data URIs can be used to allow cross-site scripting
Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did not directly cause them to be...
Data URIs can be used to allow cross-site scripting – Opera Security Advisories
Data URIs can be used to allow cross-site scripting – Opera Security Advisories OPCOM Team | June 22, 2010 Severity Highly severe Description Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly...
Opera < 10.54 Multiple Vulnerabilities
The version of Opera installed on the remote host is earlier than 10.54. Such versions are potentially affected by the following issues : - Web fonts may be used to trigger a privilege elevation vulnerability in the Windows operating system MS10-032 954 - It may be possible to use data URIs in a...
opera -- Data URIs can be used to allow cross-site scripting
The Opera Desktop Team reports: Data URIs are allowed to run scripts that manipulate pages from the site that directly opened them. In some cases, the opening site is not correctly detected. In these cases, Data URIs may erroneously be able to run scripts so that they interact with sites that did...
Cross site scripting
TextFilter/lib/Horde/Text/Filter/Xss.php in Horde Application Framework before 3.3.6, Horde Groupware before 1.2.5, and Horde Groupware Webmail Edition before 1.2.5 does not properly handle data: URIs, which allows remote attackers to conduct cross-site scripting XSS attacks via data:text/html...