214 matches found
Cross-site Scripting (XSS)
Mozilla is vulnerable to cross-site scripting XSS. It does not handle the parameters provided through title and textarea elements using innerHTML, allowing an attacker to inject arbitrary scripts through it...
Mozilla Firefox < 68.0
The version of Firefox installed on the remote Windows host is prior to 68.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-21 advisory. - Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such ...
Cross-site Scripting (XSS)
@ionic/core is vulnerable to cross-site scripting XSS. The attack exists because the unsafe innerHTML function is rendered directly on the alert-message string with the following components: .message,.placeholder, .loadingText, .pullingText, .refershingText...
GHSA-8V67-X8Q5-3X3G Cross-Site Scripting in simditor
Versions of simditor prior to 2.3.22 are vulnerable to Cross-Site Scripting. The package does not sanitize user input that is rendered with innerHTML, allowing attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 2.3.22 or later...
Ed: DOM XSS in edoverflow.com/tools/respond due to unsafe usage of the innerHTML property.
Hi, There's a DOM XSS vulnerability on edoverflow.com. This cannot be exploited without user-interaction so I had to make a clickjacking PoC to trick the user in triggering the payload her/himself. Reproduction Steps 1. Open the attached HTML document in FireFox. 2. Drag Frog 1 to the other two...
CVE-2017-17692
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property...
CVE-2017-17692
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property...
CVE-2017-17692
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property...
Samsung Internet Browser SOP Bypass
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...
Mutation Cross-site Scripting (XSS)
angular is vulnerable to mutation cross-site scripting XSS attack. A malicious user can inject arbitrary Javascript through the innerHTML property that is then executed when the browser mutates it...
Cross-site Scripting (XSS)
Overview angularjs is a Affected versions of this package are vulnerable to Cross-site Scripting XSS. Browsers mutate attributes values such as javascript:alert1 when they are written to the DOM via innerHTML in various vendor specific ways. In Chrome CLICKME'; var innerHTML = h1.innerHTML;...
CVE-2017-7799
JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting XSS attack...
UBUNTU-CVE-2017-7799
JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting XSS attack...
Microsoft Internet Explorer Denial of Service Vulnerability
Microsoft Internet Explorer IE is a Web browser developed by the American company Microsoft and is the default browser that comes with the Windows operating system. A denial of service vulnerability exists in Microsoft Internet Explorer, which is caused by the re-exploitation of CTreePos after it...
django: XSS in admin's add/change related popup
A cross-site scripting XSS flaw was found in Django. An attacker could exploit the unsafe usage of JavaScript's Element.innerHTML to forge content in the admin's add/change related pop-up. Element.textContent is now used to prevent XSS data execution...
PYSEC-2016-2
Cross-site scripting XSS vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...
PYSEC-2016-2
Cross-site scripting XSS vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...
UBUNTU-CVE-2016-6186
Cross-site scripting XSS vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...
Microsoft Internet Explorer textNode Use-After-Free
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Ember.js XSS Vulnerability With {{link-to}} Helper in Non-block Form
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, a change made to the implementation of the link-to helper means that any user-supplied data bound to the link-to helper's title attribute will not be escaped...