5125 matches found
IBM InfoSphere Information Server Cross-Frame Scripting Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server. An attacker could exploit the...
PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability CVE-2019-1105 that impacted over 100 million users. However, at that time, very few details of the flaw were available in the...
CVE-2019-12592
A universal Cross-site scripting UXSS vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame...
CVE-2019-12592
A universal Cross-site scripting UXSS vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame...
The Evernote Chrome extension vulnerability analysis-vulnerability warning-the black bar safety net
! 0x00 Preface 2019, 5 months, Guardio research team discovered Evernote Web Clipper Chrome plugin a serious vulnerability. This is a logical flaw, an attacker can take the destruction domain isolation mechanism to the user identity to execute code, and ultimately to access sensitive user...
Critical Flaw Reported in Popular Evernote Extension for Chrome Users
Cybersecurity researchers discover a critical flaw in the popular Evernote Chrome extension that could have allowed hackers to hijack your browser and steal sensitive information from any website you accessed. Evernote is a popular service that helps people taking notes and organize their to-do...
Debian DLA-1812-1 : doxygen security update
Insufficient sanitization of the query parameter in searchopensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 'Jessie', this problem has been fixed in version 1.8.8-5+deb8u1. We recommend that you upgrade your doxygen packages. NOTE: Tenable Network...
Infogram: Privilege escalation allows to use iframe functionality w/o upgrade
Hello team! I've found a privilege escalation issue which allows to set iframes to the projects w/o upgrading. Steps to reproduce - Login - Navigate to the project - Choose integrations and click the IFrame - See that you'll get upgrade now notification F501019 - Inspect the page with developer...
Debian: Security Advisory (DLA-1812-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 1812-1] doxygen security update
Package : doxygen Version : 1.8.8-5+deb8u1 CVE ID : CVE-2016-10245 Insufficient sanitization of the query parameter in searchopensearch.php could lead to reflected cross-site scripting or iframe injection. For Debian 8 "Jessie", this problem has been fixed in version 1.8.8-5+deb8u1. We recommend...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
Cross site scripting
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
CVE-2016-10245 affects the doxygen package across multiple distributions (e.g., MiracleLinux, EulerOS, NewStart CGSL, etc.). Root cause: insufficient sanitization of the query parameter in templates/html/search_opensearch.php, allowing reflected cross-site scripting or iframe injection. Impact: r...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
UBUNTU-CVE-2016-10245
Insufficient sanitization of the query parameter in templates/html/searchopensearch.php could lead to reflected cross-site scripting or iframe injection...
Tor: Detect Tor Browser's language
Summary Some error pages uses Tor Browser's language based text, and iframe can steal it. Details Since the language of Tor Browser is used for the title of the link tag on 404 error page, an attacker can obtain the language of Tor Browser even if the user has set privacy.spoofenglish to 2. I...