
5125 matches found

CNVD
added 2019/06/28 12:0 a.m., 3 views

IBM InfoSphere Information Server Cross-Frame Scripting Vulnerability

IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server. An attacker could exploit the...

5.4 CVSS, 6.3 AI score, 0.00673 EPSS
Exploits: 0, References: 1

The Hacker News
added 2019/06/22 8:15 a.m., 1 views

PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery

As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability CVE-2019-1105 that impacted over 100 million users. However, at that time, very few details of the flaw were available in the...

5.4 CVSS, 6.5 AI score, 0.01817 EPSS
Exploits: 0

NVD
added 2019/06/18 9:15 p.m., 10 views

CVE-2019-12592

A universal cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame...

6.1 CVSS, 6.2 AI score, 0.01076 EPSS
Exploits: 0, References: 2

Cvelist
added 2019/06/18 8:38 p.m., 17 views

CVE-2019-12592

A universal cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame...

6.2 AI score, 0.01076 EPSS
Exploits: 0, References: 2

myhack58
added 2019/06/17 12:0 a.m., 167 views

The Evernote Chrome extension vulnerability analysis-vulnerability warning-the black bar safety net

0x00 Preface: In May 2019, the Guardio research team discovered a serious vulnerability in the Evernote Web Clipper Chrome plugin. It is a logic flaw: an attacker can break the domain isolation mechanism to execute code as the user, and ultimately access sensitive user...

0.7 AI score, 0.01076 EPSS
Exploits: 0

The Hacker News
added 2019/06/13 1:3 p.m., 3 views

Critical Flaw Reported in Popular Evernote Extension for Chrome Users

Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do...

6.1 CVSS, 7.2 AI score, 0.01076 EPSS
Exploits: 0

Tenable Nessus
added 2019/06/03 12:0 a.m., 20 views

Debian DLA-1812-1 : doxygen security update

Insufficient sanitization of the query parameter in search_opensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 'Jessie', this problem has been fixed in version 1.8.8-5+deb8u1. We recommend that you upgrade your doxygen packages. NOTE: Tenable Network...

6.1 CVSS, 5.9 AI score, 0.01823 EPSS
Exploits: 0, References: 3

Hacker One
added 2019/06/02 5:9 p.m., 81 views

Infogram: Privilege escalation allows to use iframe functionality w/o upgrade

Hello team! I've found a privilege escalation issue which allows to set iframes to the projects w/o upgrading. Steps to reproduce - Login - Navigate to the project - Choose integrations and click the IFrame - See that you'll get upgrade now notification F501019 - Inspect the page with developer...

2.5 AI score
Exploits: 0

OpenVAS
added 2019/06/01 12:0 a.m., 14 views

Debian: Security Advisory (DLA-1812-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1 CVSS, 6.6 AI score, 0.01823 EPSS
Exploits: 0, References: 3

Debian
added 2019/05/31 11:19 p.m., 242 views

[SECURITY] [DLA 1812-1] doxygen security update

Package: doxygen. Version: 1.8.8-5+deb8u1. CVE ID: CVE-2016-10245. Insufficient sanitization of the query parameter in search_opensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 "Jessie", this problem has been fixed in version 1.8.8-5+deb8u1. We recommend...

6.1 CVSS, 6.5 AI score, 0.01823 EPSS
Exploits: 0

RedhatCVE
added 2019/05/27 11:20 a.m., 23 views

CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...

6.1 CVSS, 2.8 AI score, 0.01823 EPSS
Exploits: 0, References: 3

OSV
added 2019/05/24 5:29 p.m., 21 views

CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...

6.1 CVSS, 6.2 AI score
Exploits: 0, References: 7

NVD
added 2019/05/24 5:29 p.m., 16 views

CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...

6.1 CVSS, 6.1 AI score, 0.01823 EPSS
Exploits: 0, References: 7

Prion
added 2019/05/24 5:29 p.m., 19 views

Cross site scripting

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...

4.3 CVSS, 6.6 AI score, 0.01823 EPSS
Exploits: 0, References: 7, Affected Software: 1

Cvelist
added 2019/05/24 4:24 p.m., 19 views

CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...

6.1 AI score, 0.01823 EPSS
Exploits: 0, References: 7

CVE
added 2019/05/24 4:24 p.m., 513 views

CVE-2016-10245

CVE-2016-10245 affects the doxygen package across multiple distributions (e.g., MiracleLinux, EulerOS, NewStart CGSL, etc.). Root cause: insufficient sanitization of the query parameter in templates/html/search_opensearch.php, allowing reflected cross-site scripting or iframe injection. Impact: r...

6.1 CVSS, 6.1 AI score, 0.01823 EPSS
Exploits: 0, References: 7, Affected Software: 1

Debian CVE
added 2019/05/24 4:24 p.m., 22 views

CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...

6.1 CVSS, 6.5 AI score, 0.01823 EPSS
Exploits: 0

UbuntuCve
added 2019/05/24 12:0 a.m., 22 views

CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...

6.1 CVSS, 6.6 AI score, 0.01823 EPSS
Exploits: 0, References: 4

OSV
added 2019/05/24 12:0 a.m., 2 views

UBUNTU-CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection...

6.1 CVSS, 6.6 AI score, 0.01823 EPSS
Exploits: 0, References: 5

Hacker One
added 2019/05/23 1:21 a.m., 74 views

Tor: Detect Tor Browser's language

Summary: Some error pages use Tor Browser's language based text, and iframe can steal it. Details: Since the language of Tor Browser is used for the title of the link tag on 404 error page, an attacker can obtain the language of Tor Browser even if the user has set privacy.spoofenglish to 2. I...

5 CVSS, 0.01856 EPSS
Exploits: 1