242 matches found
UBUNTU-CVE-2013-7452
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
Cross site scripting
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
CVE-2013-7452
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting XSS filter via a crafted javascript URI...
CVE-2013-7452
Removed by vendor...
Airmail 3.0.2 Cross Site Scripting
Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, [email protected] Date: 2016-08-15 Version: 3.0.2 and earlier Platform: OS X and iOS Site: http://airmailapp.com/...
Airmail 3.0.2 - Cross-Site Scripting
Exploit for macOS platform in category web applications Airmail is a popular email client on iOS and OS X. I found a vulnerability in airmail of the latest version which could cause a file:// xss and arbitrary file read. Author: redrain, email protected Date: 2016-08-15 Version: 3.0.2 and earlier...
Disucz X3.2 多处反射型XSS漏洞(函数缺陷导致)
简要描述: 某函数缺陷导致的 XSS。 详细说明: member.php?mod=logging&action=login&referer=javascript://www.discuz.net/ 欢迎您回来,Newbie xx,现在将转入登录前页面setTimeout"window.location.href ='javascript://www.discuz.net/';", 2000;setTimeout"window.location.href ='javascript://www.discuz.net/';", 2000; 如果您的浏览器没有自动跳转,请点击此链接...
CVE-2012-6684
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
DEBIAN-CVE-2012-6684
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
Cross site scripting
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
UBUNTU-CVE-2012-6684
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
CVE-2012-6684
Cross-site scripting XSS vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI...
Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9827/info Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious...
Microsoft Internet Explorer 7/8 HTML Attribute JavaScript URI Security Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35455/info Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly enforce restrictions on script behavior. An attacker may exploit this issue to bypass restrictions on the...
Adobe Acrobat 11.0.4 Crafted PDF File Handling JavaScript Scheme URI Execution (APSB13-25)
The version of Adobe Acrobat installed on the remote host is 11.0.4. It is, therefore, affected by a flaw in the handling of specially crafted PDF files. This can allow an attacker to launch JavaScript URI schemes. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid70342...
Firefox < 23.0 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by multiple vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when using...
Firefox < 23.0 Multiple Vulnerabilities
The installed version of Firefox is earlier than 23.0 and is, therefore, potentially affected by the following vulnerabilities : - Various errors exist that could allow memory corruption conditions. CVE-2013-1701, CVE-2013-1702 - Use-after-free errors exist related to DOM modification when using...
CVE-2011-1158
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...
Mozilla Products 'javascript:' URI XSS Vulnerability (Sep 2009) - Windows
Mozilla Products are prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2009-3017
CVE-2009-3017 concerns Orca Browser 1.2 build 5. The issue is an improper handling of data: URIs and javascript: URIs in HTTP headers (Refresh and Location) and in 302 error documents, enabling cross-site scripting (XSS) via multiple header/URL vectors. The connected documents corroborate user-as...