Lucene search
K

120 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:14 a.m.2 views

SUSE CVE-2015-7211

Mozilla Firefox before 43.0 mishandles the number sign character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors...

5CVSS6.8AI score0.02543EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.3 views

SUSE CVE-2016-2825

Mozilla Firefox before 47.0 allows remote attackers to bypass the Same Origin Policy and modify the location.host property via an invalid data: URL...

6.5CVSS6.8AI score0.01699EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:1 a.m.2 views

SUSE CVE-2016-5251

Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL...

4.3CVSS6.7AI score0.01473EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:51 a.m.4 views

SUSE CVE-2017-5110

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page...

6.5CVSS8.5AI score0.01395EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.3 views

SUSE CVE-2019-17000

An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox 70...

6.1CVSS8.5AI score0.00809EPSS
Exploits0References3
Hacker One
Hacker One
added 2022/10/17 9:53 a.m.8 views

Shopify: URL Scheme Validation Bypass in Shopify Mobile App Allows Javascript Execution

A vulnerability in the Shopify mobile application allowed bypassing URL scheme validation in the NavigationActivity component. Attackers could craft malicious URLs using data: or javascript: schemes to execute JavaScript code within the app's webview context...

7.2AI score
Exploits0
Huntr
Huntr
added 2022/05/26 4:55 p.m.17 views

Server-Side Request Forgery via upload image gallery

Description Upload image to gallery, the server use filegetcontents function to load image via data scheme url, so attacker can modify this url to any URL like http to send ability request to any URL , and file to read local file, ... Proof of Concept POST /index.php?q=/api/leadmall/gallery...

0.4AI score
Exploits0References1
RustSec
RustSec
added 2021/05/04 12:0 p.m.17 views

XSS in `comrak`

comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, are not permitted in the output. This is per the reference GFM implementation, cmark-gfm. Ampersands were not being correctly escaped in link targets, makin...

6.1CVSS1AI score0.00741EPSS
Exploits1Affected Software1
CNNVD
CNNVD
added 2021/02/24 12:0 a.m.7 views

Mozilla Rust 跨站脚本漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A cross-site scripting vulnerability exists in Rust in versions prior to comrak crate 0.9.1, which stems from the fact that the protection mechanism for data: and javascript: URIs is case-sensitive. No details o...

6.1CVSS6.2AI score0.00686EPSS
Exploits0References2
OSV
OSV
added 2020/05/07 12:0 a.m.1 views

UBUNTU-CVE-2020-12391

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox 76...

7.5CVSS7.4AI score0.01351EPSS
Exploits0References4
OSV
OSV
added 2019/10/23 12:0 a.m.1 views

UBUNTU-CVE-2019-17000

An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox 70...

6.1CVSS6.7AI score0.00809EPSS
Exploits0References4
Typo3
Typo3
added 2019/06/25 12:0 a.m.54 views

Cross-Site Scripting in Link Handling

It has been discovered that the t3:// URL handling is vulnerable to cross-site scripting when making use of javascript: or data: scheme in link fields like the following...

4.3CVSS6.2AI score0.00685EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/03/20 12:0 a.m.7 views

UBUNTU-CVE-2019-9808

If WebRTC permission is requested from documents with data: or blob: URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown origin" as the requestee, leading to user confusion about which site is asking for this permission. This...

5.3CVSS6.7AI score0.00397EPSS
Exploits0References5
CNVD
CNVD
added 2019/03/18 12:0 a.m.2 views

simple-markdown cross-site scripting vulnerability

simple-markdown is a simple, extensible Markdown-like parser . A cross-site scripting vulnerability exists in simple-markdown.js in Khan Academy simple-markdown versions prior to 0.4.4. The vulnerability can be exploited to conduct cross-site scripting attacks via the data: or vbscript: URI...

6.1CVSS6.3AI score0.01274EPSS
Exploits0References1
OSV
OSV
added 2018/06/11 9:29 p.m.3 views

CVE-2017-7834

A "data:" URL loaded in a new tab did not inherit the Content Security Policy CSP of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potentia...

6.1CVSS7.3AI score0.01544EPSS
Exploits0References4
CNVD
CNVD
added 2018/03/15 12:0 a.m.3 views

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2018-07309)

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A same-origin policy bypass vulnerability exists in Mozilla Firefox. A remote user can bypass the same-origin policy and access data in another tab by invoking a shared worker via the 'data:' U...

7.5CVSS8.8AI score0.01644EPSS
Exploits0References1
OSV
OSV
added 2018/01/04 9:4 p.m.4 views

GHSA-7PX7-7XJX-HXM8 Marked vulnerable to XSS from data URIs

marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser...

6.1CVSS5.9AI score0.01512EPSS
Exploits1References6
CNVD
CNVD
added 2018/01/03 12:0 a.m.5 views

marked data: URI parser cross-site scripting vulnerability

marked is an American software developer Christopher Jeffrey developed a Markdown parser and compiler written in JavaScript. data:URI parser is one of the URI Uniform Resource Identifier parser. A cross-site scripting vulnerability exists in the data: URI parser in marked 0.3.6 and earlier. A...

6.1CVSS6.3AI score0.01512EPSS
Exploits1References1
OSV
OSV
added 2017/10/27 5:29 a.m.4 views

CVE-2017-5110

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page...

6.5CVSS7AI score
Exploits0References6
OSV
OSV
added 2017/10/27 5:29 a.m.4 views

UBUNTU-CVE-2017-5110

Inappropriate implementation of the web payments API on blob: and data: schemes in Web Payments in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page...

6.5CVSS7.3AI score0.01395EPSS
Exploits0References3
Rows per page
Query Builder