4739 matches found
Out-of-bounds
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsiObjArrayLookup jsiObj.c:274 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to ha...
Buffer overflow
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function jsievalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code...
Null pointer dereference
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in JsiLogMsg jsiUtils.c:196 that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been...
CVE-2018-1000668
Vulnerability detail (CVE-2018-1000668) : In jsish version 2.4.70 (2.047), an out-of-bounds read affects the function jsi_ObjArrayLookup (jsiObj.c:274), potentially causing a crash from a segmentation fault. The issue can be triggered when the victim executes crafted JavaScript code. A fix is ava...
CVE-2018-1000663
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function jsievalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code...
CVE-2018-1000661
Affected software: jsish. Vulnerable component: Jsi_LogMsg in jsiUtils.c (line 196). Issue: CWE-476 NULL pointer dereference in version 2.4.67 that can crash via specially crafted JavaScript execution. Impact: crash/segmentation fault as described; exploitation requires user-supplied JavaScript i...
CVE-2018-7795
A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code...
CVE-2018-0715
Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject Javascript code in the compromised application...
Cross-Site Scripting (XSS)
marked is vulnerable to cross-site scripting XSS. The HTML output of the demo page is not sanitized and allows remote attackers to inject arbitrary Javascript code into a victim's browser...
CVE-2018-1394
Multiple IBM Rational products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138425...
CVE-2018-1000655
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsiValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in...
CVE-2018-1000636
JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at...
Null pointer dereference
JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at...
CVE-2018-1000636
JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at...
Null pointer dereference
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsiValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in...
CVE-2018-1000636
JerryScript version Tested on commit f86d7459d195c8ba58479d1861b0cc726c8b3793. Analysing history it seems that the issue has been present since commit 64a340ffeb8809b2b66bbe32fd443a8b79fdd860 contains a CWE-476: NULL Pointer Dereference vulnerability in Triggering undefined behavior at...
CVE-2018-1000655
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsiValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in...
CVE-2018-15191
PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field...
CVE-2018-15188
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service page structure loss via crafted JavaScript code in the Name field of a profile...
CVE-2018-15188
PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service page structure loss via crafted JavaScript code in the Name field of a profile...