332 matches found

CNVD
added 2021/02/18 12:0 a.m. · 5 views

RACOM M!DGE cross-site scripting vulnerability (CNVD-2021-12629)

The RACOM M!DGE is a cellular router designed for SCADA and telemetry mission-critical applications and is ideally suited for many different wireless applications. A cross-site scripting vulnerability exists in the RACOM M!DGE firmware version 4.4.40.105. An attacker can exploit this vulnerabilit...

CVSS 4.8 · AI score 6.5 · EPSS 0.00468
Exploits: 0 · References: 1

CNVD
added 2021/02/05 12:0 a.m. · 7 views

Squaredup Cross-Site Scripting Vulnerability

Squaredup is a web service from Squaredup UK that provides data monitoring capabilities for cloud environments. A cross-site scripting vulnerability exists in SquaredUp versions prior to 4.6.0, which can be exploited by a user to create a dashboard, execute malicious content in an iframe, or uplo...

CVSS 5.4 · AI score 6.3 · EPSS 0.00873
Exploits: 0 · References: 1

UbuntuCve
added 2020/07/01 12:0 a.m. · 16 views

CVE-2020-12422

In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox 78...

CVSS 8.8 · AI score 7.2 · EPSS 0.01938
Exploits: 0 · References: 4

wpexploit
added 2020/01/04 12:0 a.m. · 424 views

WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass

Description: A JavaScript payload such as "javascript:alert1" in a URL could cause a Cross-Site Scripting (XSS) vulnerability. According to the commit message (see references): "wp_kses_bad_protocol() makes sure to validate that uri attributes don’t contain invalid/or not allowed protocols. While this work...

CVSS 9.8 · AI score 8.6 · EPSS 0.04654
Exploits: 1 · References: 2

OSV
added 2019/06/03 12:29 a.m. · 4 views

CVE-2019-12566

The WP Statistics plugin through 12.6.5 for WordPress has stored XSS in includes/class-wp-statistics-pages.php. This is related to an account with the Editor role creating a post with a title that contains JavaScript, to attack an admin user...

CVSS 5.4 · AI score 5.2
Exploits: 0 · References: 3

RedHat Linux
added 2019/03/28 2:52 p.m. · 5 views

Mozilla: Type-confusion in IonMonkey JIT compiler

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8 · AI score 7.3 · EPSS 0.01699
Exploits: 0 · References: 5

UbuntuCve
added 2019/03/20 12:0 a.m. · 35 views

CVE-2019-9795

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8 · AI score 7.1 · EPSS 0.01699
Exploits: 0 · References: 7

OSV
added 2019/03/20 12:0 a.m. · 1 views

UBUNTU-CVE-2019-9795

A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8 · AI score 7.2 · EPSS 0.01699
Exploits: 0 · References: 8

Positive Technologies
added 2018/10/08 12:0 a.m. · 2 views

PT-2018-16357 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.2.0.9297 Description: A use-after-free issue in the JavaScript engine of Foxit PDF Reader can be exploited by opening a specially crafted PDF document, potentially leading to arbitrary code execution. An attacker mu...

CVSS 8.8 · AI score 7.9 · EPSS 0.02848
Exploits: 1 · References: 4

OSV
added 2018/07/31 8:29 p.m. · 3 views

CVE-2018-14272

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 · AI score 6.2 · EPSS 0.02773
Exploits: 0 · References: 2

OSV
added 2018/07/31 8:29 p.m. · 2 views

CVE-2018-14241

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 · AI score 6.2 · EPSS 0.02773
Exploits: 0 · References: 2

CNVD
added 2018/05/25 12:0 a.m. · 2 views

GNOME Web Denial of Service Vulnerability

GNOME Web (aka Epiphany) is a browser product for the GNOME desktop. The product offers paging, cookie management, pop-up ad control, and more. A security vulnerability exists in the ephy-session.c file of the libephymain.so library in GNOME Web 3.28.2.1 and earlier versions. A remote attacker can...

CVSS 7.5 · AI score 6.9 · EPSS 0.01494
Exploits: 5 · References: 1

exploitpack
added 2018/05/21 12:0 a.m. · 15 views

Private Message PHP Script 2.0 - Cross-Site Scripting

Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting
Date: 2018-05-20
Exploit Author: Borna nematzadeh L0RD
Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1
Version: 2.0
Tested...

Exploits: 0

CNVD
added 2017/12/22 12:0 a.m. · 4 views

Samsung Internet Browser Security Bypass Vulnerability

Samsung Internet Browser is a web browser product developed by Samsung South Korea. A security vulnerability exists in Samsung Internet Browser version 5.4.02.3. A remote attacker can exploit the vulnerability with specially crafted JavaScript code to bypass the same-origin policy and obtain...

CVSS 7.5 · AI score 6.9 · EPSS 0.78843
Exploits: 7 · References: 1

Openbugbounty
added 2017/10/19 8:18 p.m. · 11 views

denkzeichen.de XSS vulnerability

Vulnerable URL: http://denkzeichen.de/content/intro/flashdetection.swf?flashContentURL=javascript:alert5389

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 18.01.2018
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated...

AI score 6.3
Exploits: 0

0day.today
added 2017/02/01 12:0 a.m. · 55 views

Apple WebKit - HTMLKeygenElement Type Confusion Exploit

Exploit for multiple platform in category dos / poc var range = document.caretRangeFromPoint50, 50; var shadowtreecontainer = range.commonAncestorContainer; shadowtreecontainer.prepend"foo"; keygenelement.disabled = true; 0day.today 2018-01-05...

CVSS 6.8 · AI score 8.3 · EPSS 0.06021
Exploits: 3

exploitpack
added 2016/12/01 12:0 a.m. · 12 views

Tor (Firefox 41 50) - Code Execution

Tor Firefox 41 50 - Code Execution TOR Browser 0day : JavaScript Exploit ! Works on Firefox versions 41 - 50 The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox version 50. When...

AI score 7.8
Exploits: 0

Exploit DB
added 2016/12/01 12:0 a.m. · 22 views

Tor (Firefox 41 < 50) - Code Execution

TOR Browser 0day : JavaScript Exploit ! Works on Firefox versions 41 - 50 The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox version 50. When exploit opened by a Firefox or Tor...

AI score 7.4
Exploits: 0

BDU FSTEC
added 2016/07/06 12:0 a.m. · 3 views

A vulnerability in the Firefox ESR browser allows an attacker to execute arbitrary code or cause a denial of service.

The vulnerability of the asm.js component in the Firefox ESR browser lies in its improper handling of safe exception handling during JIT-compilation and access to dynamic memory. Exploiting this vulnerability allows a malicious actor to gain access to data in separate memory segments, and then...

CVSS 6.8 · AI score 7.5 · EPSS 0.03677
Exploits: 0 · References: 4 · Affected Software: 1

BDU FSTEC
added 2016/07/05 12:0 a.m. · 3 views

A vulnerability in the SeaMonkey software package allows an attacker to trigger a service failure or execute arbitrary code.

The SeaMonkey software contains a vulnerability in the nsXBLProtoImpl::InstallImplementation function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure using JavaScript, which processes XBL objects in the same way as XBL...

CVSS 10 · AI score 7.6 · EPSS 0.07543
Exploits: 1 · References: 4