51 matches found
Astra Linux - уязвимость в firefox
An attacker with temporary script access to a website could have set a cookie containing invalid characters using document.cookie, which could lead to unknown errors. This vulnerability affects Firefox versions earlier than 119...
SUSE CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
CVE-2023-5723
An attacker with temporary script access to a site could have set a cookie containing invalid characters using document.cookie that could have led to unknown errors. This vulnerability affects Firefox 119...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 119. An attacker could use the vulnerability to set a cookie containing invalid characters using "document.cookie"...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
Mozilla: Cookie jar overflow caused unexpected cookie jar state
The Mozilla Foundation Security Advisory describes this flaw as: When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies...
SUSE CVE-2011-2605
CRLF injection vulnerability in the nsCookieService::SetCookieStringInternal function in netwerk/cookie/nsCookieService.cpp in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, and Thunderbird before 3.1.11, allows remote attackers to bypass intended access restrictions via a string containing...
U.S. Dept Of Defense: Stored XSS at https://█████
Description: In registeration page https://████ , first name and last name field are vulnerable to Stored Cross Site Scripting. Proof of concept For the fastly test, use this credentials to login my test account email: █████████ password: ██████ After login , alert document.cookie will triggered...
WordPress Cookie Law Bar 1.2.1 Plugin - (clb_bar_msg) Stored Cross-Site Scripting Vulnerability
Exploit Title: WordPress Plugin Cookie Law Bar 1.2.1 - 'clbbarmsg' Stored Cross-Site Scripting XSS Exploit Author: Mesut Cetin Vendor Homepage: https://www.cookielawinfo.com/wordpress-plugin/ Software Link: https://wordpress.org/plugins/cookie-law-bar/ Version: 1.2.1 Tested on: Ubuntu 16.04 LTS,...
DotCMS 20.11 Cross Site Scripting
Exploit Title: DotCMS 20.11 - Stored Cross-Site Scripting Exploit Author: Hardik Solanki Vendor Homepage: https://dotcms.com/ Version: 20.11 Tested on Windows 10 Vulnerable Parameters: Template Title Steps to reproduce: 1. Login With Admin Username and password. 2. Navigate to Site -- Template --...
Online Clothing Store 1.0 Cross Site Scripting
Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
Online Clothing Store 1.0 - Persistent Cross-Site Scripting
Exploit Title: Online Clothing Store 1.0 - Persistent Cross-Site Scripting Date: 2020-05-05 Exploit Author: Sushant Kamble Vendor Homepage: https://www.sourcecodester.com/php/14185/online-clothing-store.html Software Link:...
ModSecurity 3.0.0 Cross Site Scripting
Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Date: 2018-07-02 Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewall Exploit Author: Adipta Basu Tested on: Mac OS High Sierra CVE: N/A Description: ModSecurity 3.0.0 has XSS via an onError...
ModSecurity 3.0.0 - Cross-Site Scripting Vulnerability
Exploit for linux platform in category web applications Exploit Title: ModSecurity 3.0.0 - Cross-Site Scripting Vendor Homepage: https://www.modsecurity.org Software: ModSecurity Category: Web Application Firewall Exploit Author: Adipta Basu Tested on: Mac OS High Sierra CVE: N/A Description:...
Private Message PHP Script 2.0 Cross Site Scripting
Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1 Version: 2.0 Tested on: Windows Description : Private Message PHP Script...
python-django: CSRF protection bypass on a site with Google Analytics
A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...
python-django: CSRF protection bypass on a site with Google Analytics
A CSRF flaw was found in Django, where an interaction between Google Analytics and Django's cookie parsing could allow an attacker to set arbitrary cookies leading to a bypass of CSRF protection. In this update, the parser for ''request.COOKIES'' has been simplified to better match browser behavi...