5777 matches found
Rapid7 Metasploit Editions Cross-Site Scripting Vulnerability
Rapid7 Metasploit is an open source security vulnerability detection tool from Rapid7, Inc. Metasploit Express, Community and Pro are different versions. A cross-site request forgery vulnerability exists in Rapid7 Metasploit Express, Community, and Pro, which stems from the program failing to...
Gratipay: CSP Policy Bypass and javascript execution Still Not Fixed
Summary Content Security Policy CSP is a computer security standard introduced to prevent cross-site scripting XSS, clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to...
Gratipay: CSP Policy Bypass and javascript execution
Content Security Policy CSP is a computer security standard introduced to prevent cross-site scripting XSS, clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to declare...
FortiOS XSS vulnerabilities via User Groups & Config Revision Comments
Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious Javascript in a logged in browser...
Microsoft SharePoint Server CVE-2017-8551 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attackers may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microso...
Security update for chromium (important)
This update to Chromium 59.0.3071.86 fixes the following security issues: - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetooth...
openSUSE: Security Advisory for chromium (openSUSE-SU-2017:1502-1)
The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OPENSUSE-SU-2017:1502-1 Security update for chromium
This update to Chromium 59.0.3071.86 fixes the following security issues: - CVE-2017-5070: Type confusion in V8 - CVE-2017-5071: Out of bounds read in V8 - CVE-2017-5072: Address spoofing in Omnibox - CVE-2017-5073: Use after free in print preview - CVE-2017-5074: Use after free in Apps Bluetooth...
Cross-site Scripting (XSS)
Moodle is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary JavaScript by uploading a zip file through the assignment submission function. This results in text and HTML being rendered during a download all action...
Google Chrome WebUI Page JavaScript Code Execution Vulnerability
Google Chrome is a web browser developed by Google, Inc.WebUI pages are a graphical user interface. A JavaScript code execution vulnerability exists in WebUI pages in versions of Google Chrome prior to 59.0.3071.86. An attacker can exploit this vulnerability to execute JavaScript code...
chromium-browser: inappropriate javascript execution on webui pages
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 59 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 59.0.3071.86 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...
Hitachi Device Manager and Replication Manager Cross-Site Scripting Vulnerability
Hitachi Device Manager and Replication Manager are both products of Hitachi, Japan.Hitachi Device Manager is software that manages multiple Hitachi storage systems from a single console and provides logical view capabilities to align storage assets with business applications. Replication Manager ...
CVE-2017-9298
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code...
Tenable Network Security Nessus Cross-Site Scripting Vulnerability
Tenable Network Security Nessus is a highly scalable open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability exists in Tenable Network Security Nessus. A remote attacker can exploit this vulnerability to execute arbitrary avaScript in the current...
CVE-2017-6340
Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 before CP 1746 does not sanitize a rest/commonlog/report/template name field, which allows a 'Reports Only' user to inject malicious JavaScript while creating a new report. Additionally, IWSVA implements incorrect access control that...
CVE-2016-9169
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially...
Cross site scripting
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially...
XSS in Data URI
Overview Affected versions of remarkable are vulnerable to cross-site scripting. Vulnerable versions of the package allow the use of data: URIs in links, and can therefore execute javascript. Proof of Concept link Recommendation Update to v1.7.0 or later References - Issue 227 - GitHub Advisory...
CVE-2017-2929
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution...