CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

42 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2008-1014

Malware in sbrugna...

4.3CVSS6.1AI score0.01834EPSS

Exploits1References10

Tenable Nessus•added 2025/08/15 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2019-11711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperativel...

8.8CVSS8.2AI score0.01633EPSS

Exploits0References2

Tenable Nessus•added 2025/08/07 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2019-11762

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on t...

6.1CVSS7.8AI score0.00609EPSS

Exploits0References2

OSV•added 2024/01/08 2:15 a.m.•6 views

CVE-2023-7215

A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

6.1CVSS6.2AI score

Exploits0References3

Citrix•added 2023/09/28 12:0 a.m.•5 views

document.domain deprecation on Chrome 115

Issue with HTTP response if the page is reliant on document.domain. Same-origin policy by setting document.domain is deprecated, and will be disabled by default...

7.1AI score

Exploits0

SUSE CVE•added 2023/02/15 6:4 a.m.•6 views

SUSE CVE-2009-1597

Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as...

9.3CVSS6.7AI score0.01736EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 5:45 a.m.•3 views

SUSE CVE-2012-3985

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting XSS attacks by leveraging initial-origin access after document.domain has been set...

4.3CVSS8.2AI score0.01914EPSS

Exploits0References7

SUSE CVE•added 2023/02/15 4:12 a.m.•1 views

SUSE CVE-2019-11711

When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did...

8.8CVSS8.5AI score0.01633EPSS

Exploits0References24

SUSE CVE•added 2023/02/15 4:11 a.m.•3 views

SUSE CVE-2019-11762

If two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This vulnerability affects Firefox 70, Thunderbird 68.2, and Firefox ESR 68.2...

6.1CVSS8.4AI score0.00609EPSS

Exploits0References12

Huntr•added 2022/05/11 8:23 a.m.•8 views

Stored XSS due to the setting text/xml mime type for xml files

Description Hi, The patch for the previous XSS vulnerability Cross-site scripting - Reflected via upload .xml file looks incomplete. It just will set the mime type to text/xml for XML files to avoid XSS, However, this one can be also used to perform XSS too. Since an XML file can contain HTML...

5.8AI score

Exploits0

Packet Storm•added 2021/08/20 12:0 a.m.•289 views

Laundry Booking Management System 1.0 Cross Site Scripting

Exploit Title: Laundry Booking Management System 1.0 - 'Multiple' Stored Cross-Site Scripting XSS Date: 2021-08-19 Exploit Author: Azumah Foresight Xorlali Vendor Homepage: https://www.sourcecodester.com/php/14400/laundry-booking-management-system-php-source-code.html Software Link:...

0.1AI score

Exploits0

OSV•added 2020/01/08 8:15 p.m.•2 views

DEBIAN-CVE-2019-11762

6.1CVSS7.7AI score0.00609EPSS

Exploits0References1

Prion•added 2020/01/08 8:15 p.m.•18 views

Cross site scripting

5.8CVSS6.3AI score0.00609EPSS

Exploits0References6Affected Software4

RedHat Linux•added 2019/11/06 5:13 p.m.•4 views

Mozilla: document.domain-based origin isolation has same-origin-property violation

A flaw was found in Mozilla's firefox and thunderbird where if two same-origin documents set document.domain differently to become cross-origin, it was possible for them to call arbitrary DOM methods/getters/setters on the now-cross-origin window. This could cause an interaction between two...

6.1CVSS7.4AI score0.00609EPSS

Exploits0References5

RedHat Linux•added 2019/10/31 2:15 p.m.•6 views

Mozilla: document.domain-based origin isolation has same-origin-property violation

6.1CVSS7.4AI score0.00609EPSS

Exploits0References5

RedHat Linux•added 2019/10/29 1:48 p.m.•4 views

Mozilla: document.domain-based origin isolation has same-origin-property violation

6.1CVSS7.4AI score0.00609EPSS

Exploits0References5

RedHat Linux•added 2019/10/29 9:53 a.m.•4 views

Mozilla: document.domain-based origin isolation has same-origin-property violation