Lucene search

34 matches found

EUVD
added 2026/04/10 9:31 a.m. | 1 views

EUVD-2026-21332

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...

CVSS 5.4 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 4
NVD
added 2026/04/10 8:16 a.m. | 2 views

CVE-2026-40212

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...

CVSS 5.4 | EPSS 0.00012
Exploits: 0 | References: 4
CNNVD
added 2026/04/10 12:0 a.m. | 2 views

OpenStack Skyline Security Vulnerability

OpenStack Skyline is a web interface system for managing cloud platforms and visualizing resources under the OpenStack open-source framework. Versions of OpenStack Skyline prior to 5.0.1, 6.0.0, and 7.0.0 contain security vulnerabilities. These vulnerabilities stem from DOM-based cross-site...

CVSS 5.4 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 4
CVE
added 2026/04/10 12:0 a.m. | 4 views

CVE-2026-40212

OpenStack Skyline contains a DOM-based XSS in the console interface prior to 5.0.1, 6.0.0, and 7.0.0 due to unsafe use of document.write when administrators view instance console logs. Root cause is unsafe DOM manipulation in the console web UI. Impact is cross-site scripting in the admin console...

CVSS 5.4 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 4
Vulnrichment
added 2026/04/10 12:0 a.m. | 1 views

CVE-2026-40212

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...

CVSS 5.4 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/10 12:0 a.m. | 1 views

PT-2026-31893

Name of the Vulnerable Software and Affected Versions: OpenStack Skyline versions prior to 5.0.1, 6.0.0, and 7.0.0. Description: OpenStack Skyline contains a DOM-based Cross-Site Scripting (XSS) issue in the console. This is due to the unsafe use of document.write. This is relevant when administrators...

CVSS 5.4 | AI score 5.8 | EPSS 0.00012
Exploits: 0 | References: 7
Cvelist
added 2026/04/10 12:0 a.m. | 25 views

CVE-2026-40212

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...

CVSS 5.4 | EPSS 0.00012
Exploits: 0 | References: 4
SUSE CVE
added 2023/02/15 6:13 a.m. | 1 views

SUSE CVE-2007-0046

Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters...

CVSS 7.5 | AI score 7.7 | EPSS 0.64856
Exploits: 1 | References: 4
SUSE CVE
added 2023/02/15 6:3 a.m. | 1 views

SUSE CVE-2009-2654

Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls th...

CVSS 5.8 | AI score 8.5 | EPSS 0.13196
Exploits: 1 | References: 5
SUSE CVE
added 2023/02/15 5:57 a.m. | 1 views

SUSE CVE-2010-3179

Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption an...

CVSS 9.3 | AI score 9.4 | EPSS 0.22551
Exploits: 0 | References: 7
SUSE CVE
added 2023/02/15 5:33 a.m. | 1 views

SUSE CVE-2013-6636

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors...

CVSS 4.3 | AI score 9 | EPSS 0.00725
Exploits: 0 | References: 3
SUSE CVE
added 2023/02/15 4:27 a.m. | 1 views

SUSE CVE-2018-12016

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls...

CVSS 7.5 | AI score 7.3 | EPSS 0.00894
Exploits: 1 | References: 4
Exploit DB
added 2021/03/22 12:0 a.m. | 413 views

MyBB 1.8.25 - Chained Remote Command Execution

Exploit Title: MyBB 1.8.25 - Chained Remote Command Execution Exploit Author: SivertPL [email protected] Date: 19.03.2021 Description: Nested autourl Stored XSS - templateset second order SQL Injection leading to RCE through improper string interpolation in eval. Software Link:...

CVSS 8.8 | AI score 7.5 | EPSS 0.02518
Exploits: 10
CNVD
added 2018/06/12 12:0 a.m. | 1 views

GNOME Web Denial of Service Vulnerability (CNVD-2018-11431)

GNOME Web (Epiphany) is a browser product for the GNOME desktop. The product provides paging, cookie management, pop-up ad control, and other features. A security vulnerability exists in the libephymain.so file in GNOME Web 3.28.2.1 and earlier versions. A remote attacker can exploit this...

CVSS 7.5 | AI score 6.8 | EPSS 0.00894
Exploits: 1 | References: 1
OSV
added 2018/06/07 2:29 p.m. | 0 views

UBUNTU-CVE-2018-12016

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls...

CVSS 7.5 | AI score 7.2 | EPSS 0.00894
Exploits: 1 | References: 3
OSV
added 2018/06/07 2:29 p.m. | 1 views

DEBIAN-CVE-2018-12016

libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via certain window.open and document.write calls...

CVSS 7.5 | AI score 6.8 | EPSS 0.00894
Exploits: 1 | References: 1
0day.today
added 2014/09/04 12:0 a.m. | 23 views

Google Chrome 31.0 XSS Auditor Bypass Vulnerability

Google Chrome XSS auditor was found prone to a bypass when the user input passed through location.hash was being written to the DOM by using document.write property. Normally, XSS auditor checks XSS by comparing the request and response; however, it also checks for request itself, if it contains an...

AI score 6.6
Exploits: 0
Packet Storm
added 2014/09/01 12:0 a.m. | 26 views

Google Chrome 36.0 XSS Auditor Bypass

Vulnerability: Google Chrome 36.0 XSS Auditor Bypass Impact: Moderate Authors: Rafay Baloch Company: RHAInfoSec Website: http://rhainfosec.com version: Latest Description: Google Chrome XSS auditor was found prone to a bypass when the user input passed through location.hash was being written to the...

AI score 0.5
Exploits: 0
Prion
added 2013/12/07 12:55 a.m. | 20 views

Design/Logic Flaw

The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during presentation of a modal dialog, which allows remote attackers to spoof the address bar via vectors...

CVSS 4.3 | AI score 6.5 | EPSS 0.00725
Exploits: 0 | References: 9 | Affected Software: 1
myhack58
added 2013/04/17 12:0 a.m. | 15 views

discuz! 7.* Stored xss-vulnerability warning-the black bar safety net

The flash address in posts is not strictly filtered, resulting in stored XSS. ! document. writeACFLRunContent'width', '5 5 0', 'height', '4 0 0', 'allowNetworking', 'internal', 'allowScriptAccess', 'never', 'src', 'aaaaaaaaaaaaa', 'quality', 'high', 'bgcolor', 'ffffff', 'wmode', 'transparent'...

AI score 0.3
Exploits: 0