5123 matches found
Patched Microsoft Office 365 XSS Vulnerability Disclosed
A researcher in the UK disclosed the details of a serious cross-site scripting vulnerability in Office 365 that would allow an attacker with a mailbox on Office 365 to gain administrator rights over the Microsoft Web-based application in an organization. An exploit in an enterprise environment...
Feedburner Hosting Malicious JavaScript Dropper
A sub-domain of Google’s Feedburner RSS management platform is hosting a string of malicious JavaScript embedded with an iFrame, all of which is designed to upload a Trojan onto user machines and redirect visitors to a series of malicious sites. According to a report published by the security fir...
CVE-2013-6328
Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors...
CVE-2013-6328
The CVE-2013-6328 entry describes a cross-site scripting (XSS) flaw in the Web Content Manager (WCM) UI of IBM WebSphere Portal. Affected products span IBM WebSphere Portal 6.1.0.x (up to 6.1.0.6 CF27), 6.1.5.x (up to 6.1.5.3 CF27), 7.0.0.x (up to 7.0.0.2 CF26), and 8.0.0.x (before 8.0.0.1 CF09)....
iScripts MultiCart 2.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Cross-Site Scripting Cross-Site Request Forgery Mass Accounts Takeover
iScripts MultiCart 2.4 - Persistent Cross-Site Scripting Cross-Site Request Forgery Cross-Site Scripting Cross-Site Request Forgery Mass Accounts Takeover Exploit Title : iScripts MultiCart same product id for which you submitted the review. Cross-site request forgery body...
iScripts MultiCart 2.4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title : iScripts MultiCart same product id for which you submitted the review. Cross-site request forgery input type=hidden size=30 maxlengt...
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : firefox vulnerabilities (USN-2052-1)
Ben Turner, Bobby Holley, Jesse Ruderman, Christian Holler and Christoph Diehl discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or...
Mozilla: Script execution in HTML mail replies (MFSA 2014-14)
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a...
Mozilla: Sandbox restrictions not applied to nested object elements (MFSA 2013-107)
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site...
CVE-2013-5614
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site...
Design/Logic Flaw
Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attackers to bypass intended sandbox restrictions via a crafted web site...
CVE-2013-5404
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the search implementation in IBM Rational Quality Manager (RQM) 2.0 through 2.0.1.1, 3.x before 3.0.1.6 iFix 1, and 4.x before 4.0.5, as used in Rational Team Concert, Rational Requirements Composer, and other products, allows remote authenticated users to...
Sandbox restrictions not applied to nested object elements — Mozilla
Mozilla security developer Daniel Veditz discovered that restrictions are not applied to an <object> element contained within a sandboxed iframe. This could allow content hosted within a sandboxed iframe to use an <object> element to bypass the sandbox restrictions that should be applied...
DOM XSS in dhtmlHistory.js when using IE
In the createIE function inside dhtmlHistory.js (https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333), the value of the fragment identifier is concatenated to create the HTML of an iframe without first...