9 matches found
Cross-Site Scripting (XSS)
Firefox is vulnerable to cross-site scripting (XSS). An origin confusion error may occur when reloading isolated data:text/html URLs, allowing an attacker to execute malicious scripts...
CVE-2017-5466
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...
collegegrid.com XSS vulnerability
Vulnerable URL: https://collegegrid.com/redirectwebsite.asp?url=data:text/html;base64,PHNjcmlwdD5hbGVydCgvWFNTUE9TRUQvKTwvc2NyaXB0Pg==name=XSS

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 13.12.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed...
bbw-hochschule.de XSS vulnerability
Open Bug Bounty ID: OBB-279705

Description| Value
---|---
Affected Website:| bbw-hochschule.de
Open Bug Bounty Program:| Create your bounty program now. It's open and free.
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
epex.eb.mil.br XSS vulnerability
Vulnerable URL: http://www.epex.eb.mil.br/images/publicacoes/RevistaNega/bookContent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnT1BFTiBCVUdCT1VOVFknKTwvc2NyaXB0Pg==

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 11.08.2017
Vulnerability type:| XSS...
jet.gov.il XSS vulnerability
Vulnerable URL: http://jet.gov.il/media/pdf/bookContent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnT1BFTiBCVUdCT1VOVFknKTwvc2NyaXB0Pg==

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 08.08.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly...
actsretirement.org XSS vulnerability
Vulnerable URL: https://www.actsretirement.org/staticcontent/flipbooks/financialsecurity/bookcontent.swf?currentHTMLURL=data:text/html;base64,PHNjcmlwdD5hbGVydCgnT1BFTiBCVUdCT1VOVFknKTwvc2NyaXB0Pg==

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 31.07.2017
Vulnerability...
CVE-2017-5466
If a page is loaded from an original site through a hyperlink and contains a redirect to a "data:text/html" URL, triggering a reload will run the reloaded "data:text/html" page with its origin set incorrectly. This allows for a cross-site scripting (XSS) attack. This vulnerability affects Thunderbi...
Apple Safari URI spoofing (CVE-2015-5764)
tl;dr: Apple Safari for OS X was prone to a URI spoofing vulnerability and, more generally, to user interface spoofing. Apple released security updates for Safari 9 on OS X and assigned CVE-2015-5764. Accidentally, this vulnerability was also present in iOS. Instant demo: In Safari up to 8.0.8: go to clic...