
4739 matches found

UbuntuCve
added 2015/07/05 12:0 a.m. | 36 views

CVE-2015-2727

Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. NOTE: this vulnerability exists because of a...

6.8 CVSS | 6.5 AI score | 0.01807 EPSS
Exploits: 0 | References: 6

Packet Storm
added 2015/06/24 12:0 a.m. | 38 views

Thycotic Secret Server 8.8.000004 Cross Site Scripting

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html CVE ID : CVE-2015-3443 Product: Secret Server 1 Vendor: Thycotic Subject: Stored Cross-Site Scripting Vulnerability XSS Risk: High Effect: Remotely exploitable Author: Marco Delai [email protected] Date: June 24th 2015...

3.5 CVSS | 6.6 AI score | 0.02019 EPSS
Exploits: 5

Cisco
added 2015/06/09 5:1 p.m. | 41 views

Cisco Application and Content Networking System URL Page Return Cross-Site Scripting Vulnerability

A vulnerability in Cisco Application and Content Networking System (ACNS) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of the URL of pages that are not accessible to the end user that could be return...

4.3 CVSS | 5.5 AI score | 0.01546 EPSS
Exploits: 0 | References: 1

CNVD
added 2015/05/21 12:0 a.m. | 3 views

Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-03354)

Blink is a browser typography engine developed by Google and Opera Software. Blink suffers from a same-origin policy bypass vulnerability. It allows remote attackers to bypass the same-origin policy via carefully crafted JavaScript code...

7.5 CVSS | 6.9 AI score | 0.01638 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2015/05/21 12:0 a.m. | 39 views

Google Chrome < 43.0.2357.65 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.65. It is, therefore, affected by multiple vulnerabilities as referenced in the 201505stable-channel-update19 advisory. - Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attacke...

7.5 CVSS | 8.5 AI score | 0.07855 EPSS
Exploits: 4 | References: 29

NVD
added 2015/05/20 10:59 a.m. | 20 views

CVE-2015-1260

Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...

7.5 CVSS | 7.4 AI score | 0.01649 EPSS
Exploits: 0 | References: 9

Prion
added 2015/05/20 10:59 a.m. | 11 views

Server side request forgery (ssrf)

Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...

7.5 CVSS | 8 AI score | 0.01649 EPSS
Exploits: 0 | References: 9 | Affected Software: 2

Cvelist
added 2015/05/20 10:0 a.m. | 28 views

CVE-2015-1260

Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon...

7.2 AI score | 0.01649 EPSS
Exploits: 0 | References: 9

Debian CVE
added 2015/05/20 10:0 a.m. | 25 views

CVE-2015-1260

Removed by vendor...

7.5 CVSS | 9.4 AI score | 0.01649 EPSS
Exploits: 0

myhack58
added 2015/05/12 12:0 a.m. | 17 views

Analysis of a WordPress JS backdoor

We recently found, on many WordPress sites, a backdoor that collects administrator login credentials. Concealed code is inserted into the compromised site; when an administrator logs on, the code is triggered and the administrator's login credentials are encrypted by the GET...

1.6 AI score
Exploits: 0

NVD
added 2015/04/19 10:59 a.m. | 19 views

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing...

4.3 CVSS | 6.1 AI score | 0.01473 EPSS
Exploits: 1 | References: 5

UbuntuCve
added 2015/04/19 10:59 a.m. | 35 views

CVE-2015-3336

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing...

4.3 CVSS | 5.9 AI score | 0.01473 EPSS
Exploits: 1 | References: 3

Prion
added 2015/04/19 10:59 a.m. | 18 views

Design/Logic Flaw

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing...

4.3 CVSS | 6.7 AI score | 0.01473 EPSS
Exploits: 1 | References: 5 | Affected Software: 3

Prion
added 2015/04/19 10:59 a.m. | 17 views

Type confusion

The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type...

7.5 CVSS | 7.8 AI score | 0.02702 EPSS
Exploits: 0 | References: 11 | Affected Software: 4

Debian CVE
added 2015/04/19 10:0 a.m. | 31 views

CVE-2015-1242

Removed by vendor...

7.5 CVSS | 9.6 AI score | 0.02702 EPSS
Exploits: 0

0day.today
added 2015/04/10 12:0 a.m. | 44 views

Comalatech Comala Workflows 4.6.1 CSRF / XSS Vulnerabilities

Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. title: Multiple XSS & XSRF vulnerabilities product: Comalatech Comala Workflows vulnerable version: <= 4.6.1 fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...

6.9 AI score
Exploits: 0

Prion
added 2015/04/08 10:59 a.m. | 21 views

Design/Logic Flaw

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origi...

5 CVSS | 7.8 AI score | 0.02235 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

Prion
added 2015/04/08 1:59 a.m. | 26 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component...

4.3 CVSS | 6 AI score | 0.07049 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

AlpineLinux
added 2015/04/08 1:59 a.m. | 26 views

CVE-2015-1773

Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component...

4.3 CVSS | 5.7 AI score | 0.07049 EPSS
Exploits: 0

Hacker One
added 2015/04/02 12:56 a.m. | 37 views

Mapbox: Persistent cross-site scripting (XSS) in map attribution

Hello, I have found a persistent cross-site scripting vulnerability when using a custom style uploaded by myself. Mapbox Studio allows you to create and upload styles for your maps. So if we create a new style with JavaScript code as the attribution value, it will be executed when loading a map that uses our...

4.3 CVSS | 6.2 AI score | 0.00932 EPSS
Exploits: 1