5123 matches found
CVE-2019-12592
A universal Cross-site scripting UXSS vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame...
CVE-2019-12592
A universal Cross-site scripting UXSS vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame...
The Evernote Chrome extension vulnerability analysis-vulnerability warning-the black bar safety net
! 0x00 Preface 2019, 5 months, Guardio research team discovered Evernote Web Clipper Chrome plugin a serious vulnerability. This is a logical flaw, an attacker can take the destruction domain isolation mechanism to the user identity to execute code, and ultimately to access sensitive user...
Critical Flaw Reported in Popular Evernote Extension for Chrome Users
Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do...
Debian DLA-1812-1 : doxygen security update
Insufficient sanitization of the query parameter in searchopensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 'Jessie', this problem has been fixed in version 1.8.8-5+deb8u1. We recommend that you upgrade your doxygen packages. NOTE: Tenable Network...
Infogram: Privilege escalation allows to use iframe functionality w/o upgrade
Hello team! I've found a privilege escalation issue which allows to set iframes to the projects w/o upgrading. Steps to reproduce - Login - Navigate to the project - Choose integrations and click the IFrame - See that you'll get upgrade now notification F501019 - Inspect the page with developer...
Debian: Security Advisory (DLA-1812-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1812-1] doxygen security update
Package : doxygen Version : 1.8.8-5+deb8u1 CVE ID : CVE-2016-10245 Insufficient sanitization of the query parameter in searchopensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 "Jessie", this problem has been fixed in version 1.8.8-5+deb8u1. We recommend...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
Cross site scripting
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
CVE-2016-10245 affects the doxygen package across multiple distributions (e.g., MiracleLinux, EulerOS, NewStart CGSL, etc.). Root cause: insufficient sanitization of the query parameter in templates/html/search_opensearch.php, allowing reflected cross-site scripting or iframe injection. Impact: r...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
UBUNTU-CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
Tor: Detect Tor Browser's language
Summary Some error pages uses Tor Browser's language based text, and iframe can steal it. Details Since the language of Tor Browser is used for the title of the link tag on 404 error page, an attacker can obtain the language of Tor Browser even if the user has set privacy.spoofenglish to 2. I...
Skimmer acts as payment service provider via rogue iframe
Criminals continue to target online stores to steal payment details from unaware customers at a rapid pace. There are many different ways to go about it, from hacking the shopping site itself, to compromising its supply-chain. A number of online merchants externalize the payment process to a...
Cross site scripting
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136...