5006 matches found

NVD
added 2018/05/31 8:29 p.m. | 8 views

CVE-2014-10065

Certain input, when passed into remarkable before 1.4.1, will bypass the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 1 | References: 2

CVE
added 2018/05/31 8:0 p.m. | 113 views

CVE-2016-10531

CVE-2016-10531 affects the marked library (0.3.5 and earlier). The issue arises when parsing HTML entities: &#xNN... leaves trailing text, allowing bypass of sanitize: true and injection of a javascript: URL. This enables cross-site scripting via markdown-rendered links. Affected: marked where li...

CVSS 6.1 | AI score 6.2 | EPSS 0.00289
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2018/05/31 4:53 a.m. | 149 views

Cross-site Scripting (XSS)

bootstrap is vulnerable to Cross-site Scripting (XSS). The library does not properly sanitize the parent variable in collapse.js, allowing a malicious user to inject and execute arbitrary JavaScript...

CVSS 6.1 | AI score 6.7 | EPSS 0.01972
Exploits: 1 | References: 26 | Affected Software: 6

Veracode
added 2018/05/31 3:16 a.m. | 57 views

Cross-site Scripting (XSS)

sinatra is vulnerable to cross-site scripting (XSS) attacks. The library fails to properly escape the e.message variable in a bad request page, allowing a malicious user to inject and execute arbitrary JavaScript...

CVSS 6.1 | AI score 6.1 | EPSS 0.00398
Exploits: 1 | References: 4 | Affected Software: 53

CNVD
added 2018/05/31 12:0 a.m. | 2 views

MISP cross-site scripting vulnerability (CNVD-2018-10868)

MISP is a suite of open source software solutions for collecting, storing, distributing and sharing cybersecurity metrics and threats, cybersecurity event analysis and malware analysis. A cross-site scripting vulnerability exists in the app/View/Elements/eventattribute.ctp file in MISP version...

CVSS 6.1 | AI score 6.3 | EPSS 0.0024
Exploits: 0 | References: 1

Tenable Nessus
added 2018/05/29 12:0 a.m. | 50 views

EulerOS 2.0 SP1 : firefox (EulerOS-SA-2018-1125)

According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- Use-after-free in compositor potentially allows code execution (CVE-2018-5148)
- Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8...

CVSS 9.8 | AI score 7.9 | EPSS 0.43031
Exploits: 4 | References: 11

CNVD
added 2018/05/24 12:0 a.m. | 1 views

Stored Cross-Site Scripting Vulnerability in Safetrans SaaS System

The SaaS system is an informatization system developed by Xiaobei Technology for medium and large-scale sports events and outdoor activities, providing one-stop informatization solutions for organizers in the areas of event release, registration and collection, membership marketing, photo sharing...

AI score 6.3
Exploits: 0

CNVD
added 2018/05/23 12:0 a.m. | 4 views

WordPress Loginizer Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up a personal blog site on servers running PHP and MySQL. The WordPress Loginizer plugin is one of its access control plugins. A cross-site scripting vulnerability exists in the...

CVSS 6.1 | AI score 6.3 | EPSS 0.03207
Exploits: 2 | References: 1

OpenVAS
added 2018/05/21 12:0 a.m. | 35 views

CentOS Update for firefox CESA-2018:1414 centos6

Check the version of firefox. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882879");...

CVSS 9.8 | AI score 8 | EPSS 0.43031
Exploits: 4 | References: 2

Openbugbounty
added 2018/05/18 11:17 a.m. | 8 views

marte.sid.inpe.br XSS vulnerability

Open Bug Bounty ID: OBB-618194

Description | Value
---|---
Affected Website: | marte.sid.inpe.br
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Tenable Nessus
added 2018/05/16 12:0 a.m. | 32 views

Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20180515)

This update upgrades Firefox to version 52.8.0 ESR. Security Fixes:
- Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150)
- Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)
- Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154)
-...

CVSS 9.8 | AI score 7.7 | EPSS 0.43031
Exploits: 4 | References: 10

Tenable Nessus
added 2018/05/16 12:0 a.m. | 36 views

Scientific Linux Security Update : firefox on SL7.x x86_64 (20180515)

This update upgrades Firefox to version 52.8.0 ESR. Security Fixes:
- Mozilla: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8 (CVE-2018-5150)
- Mozilla: Backport critical security fixes in Skia (CVE-2018-5183)
- Mozilla: Use-after-free with SVG animations and clip paths (CVE-2018-5154)
-...

CVSS 9.8 | AI score 7.7 | EPSS 0.43031
Exploits: 4 | References: 10

RedHat Linux
added 2018/05/14 3:19 p.m. | 3 views

Mozilla: Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

CVSS 8.8 | AI score 7.2 | EPSS 0.43031
Exploits: 0 | References: 5

RedHat Linux
added 2018/05/14 3:19 p.m. | 112 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 9.8 | AI score 6.8 | EPSS 0.43031
Exploits: 4 | References: 11

RedHat Linux
added 2018/05/14 2:48 p.m. | 2 views

Mozilla: Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

CVSS 8.8 | AI score 7.2 | EPSS 0.43031
Exploits: 0 | References: 5

Prion
added 2018/05/14 1:29 p.m. | 17 views

Cross site scripting

The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the redirectUrl...

CVSS 4.3 | AI score 5.9 | EPSS 0.00228
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2018/05/11 12:0 a.m. | 1 views

Mozilla Firefox JavaScript Injection Vulnerability

Mozilla Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A malicious JavaScript injection vulnerability exists in Mozilla Firefox. The vulnerability arises because the PDF viewer fails to adequately validate the PostScript calculator functionality. T...

CVSS 8.8 | AI score 8.9 | EPSS 0.43031
Exploits: 0 | References: 1

OSV
added 2018/05/10 12:0 a.m. | 2 views

UBUNTU-CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

CVSS 8.8 | AI score 7.2 | EPSS 0.43031
Exploits: 0 | References: 4

FreeBSD
added 2018/05/09 12:0 a.m. | 60 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports:
- CVE-2018-5183: Backport critical security fixes in Skia
- CVE-2018-5154: Use-after-free with SVG animations and clip paths
- CVE-2018-5155: Use-after-free with SVG animations and text paths
- CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files...

CVSS 10 | AI score 9 | EPSS 0.43031
Exploits: 6 | References: 2

CNVD
added 2018/04/28 12:0 a.m. | 1 views

IBM BigFix Platform Cross-Site Scripting Vulnerability (CNVD-2018-08995)

IBM BigFix Platform is a multi-technology platform from IBM in the U.S. that provides a dynamic, content-driven messaging and management system. The BigFix Console is one of the console components. A cross-site scripting vulnerability exists in the BigFix Console component and the BigFix Relay Diagnosti...

CVSS 6.1 | AI score 6.2 | EPSS 0.00182
Exploits: 0 | References: 1