Lucene search
K

38 matches found

Prion
Prion
added 2019/02/28 6:29 p.m.23 views

Cross site scripting

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

4.3CVSS6.6AI score0.0105EPSS
Exploits0References4Affected Software3
CVE
CVE
added 2019/02/28 6:0 p.m.143 views

CVE-2018-18499

CVE-2018-18499 is a same-origin policy vulnerability in Mozilla Firefox and Thunderbird where a page using a meta http-equiv="refresh" redirects to another site and allows theft of cross-origin URL entries via performance.getEntries(). Affected: Firefox < 62, Firefox ESR < 60.2, Thunderbird

6.5CVSS5.6AI score0.0105EPSS
Exploits0References4Affected Software3
Debian CVE
Debian CVE
added 2019/02/28 6:0 p.m.27 views

CVE-2018-18499

A same-origin policy violation allowing the theft of cross-origin URL entries when using a meta http-equiv="refresh" on a page to cause a redirection to another site using performance.getEntries. This is a same-origin policy violation and could allow for data theft. This vulnerability affects...

6.5CVSS7.3AI score0.0105EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2014/07/11 11:8 a.m.27 views

CVE-2014-4908

Multiple cross-site scripting XSS vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching 1 share/pnp/application/views/kohanaerrorpage.php or 2 share/pnp/application/views/template.php, leading to improper handling...

4.3CVSS5.9AI score0.01914EPSS
Exploits1References5
CVE
CVE
added 2014/07/11 10:0 a.m.50 views

CVE-2014-4908

CVE-2014-4908 is a cross-site scripting vulnerability in PNP4Nagios up to version 0.6.22. The issue enables an attacker to inject script/HTML via URI handling for two PHP views, due to improper handling of an http-equiv="refresh" META element. Connected documents confirm related CVE-2014-4907 and...

4.3CVSS5.7AI score0.01914EPSS
Exploits1References5Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

OneWorldStore DisplayResults.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13251/info OneWorldStore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...

7.1AI score
Exploits0
Prion
Prion
added 2012/08/23 10:32 a.m.25 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or...

4.3CVSS6AI score0.04195EPSS
Exploits1References5Affected Software2
NVD
NVD
added 2012/08/12 9:55 p.m.17 views

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

4.3CVSS5.7AI score0.01319EPSS
Exploits1References1
NVD
NVD
added 2012/08/12 9:55 p.m.16 views

CVE-2012-2573

Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

4.3CVSS5.7AI score0.01343EPSS
Exploits1References1
NVD
NVD
added 2012/08/12 9:55 p.m.25 views

CVE-2012-2585

Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...

4.3CVSS5.7AI score0.01353EPSS
Exploits1References1
Prion
Prion
added 2012/08/12 9:55 p.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

4.3CVSS6AI score0.01343EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2012/08/12 9:55 p.m.20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

4.3CVSS6AI score0.01319EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2012/08/12 9:55 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

4.3CVSS6AI score0.01319EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2012/08/12 9:0 p.m.24 views

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

5.7AI score0.01319EPSS
Exploits1References1
Cvelist
Cvelist
added 2012/08/12 9:0 p.m.26 views

CVE-2012-2590

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

5.7AI score0.01319EPSS
Exploits2References1
OpenVAS
OpenVAS
added 2009/06/03 12:0 a.m.27 views

Solaris Update for telnet 119433-01

Check for the Version of telnet OpenVAS Vulnerability Test Solaris Update for telnet 119433-01 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...

7.5CVSS0.1AI score0.27073EPSS
Exploits0References2
Prion
Prion
added 2007/06/11 7:30 p.m.17 views

Code injection

Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results...

9.3CVSS7.3AI score0.01162EPSS
Exploits1References3
exploitpack
exploitpack
added 2004/05/14 12:0 a.m.13 views

Microsoft Internet Explorer 5.0.1 - http-equiv Meta Tag Denial of Service

Microsoft Internet Explorer 5.0.1 - http-equiv Meta Tag Denial of Service source: https://www.securityfocus.com/bid/10351/info It has been reported that Internet Explorer is prone to a denial of service vulnerability when processing a malicious script containing the 'window.createPopup' method to...

7.3AI score
Exploits0
Rows per page
Query Builder