Cross site scripting

Cross-site scripting XSS vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via an id parameter containing a JavaScript onLoad event handler for a BODY element, related to a "tag body" attack. NOTE: this was originally reported as...

Cross site scripting

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting XSS protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element...

Cross site scripting

Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...

CVE-2008-7250

Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...

Google Chrome 'KEYGEN' Element Denial Of Service Vulnerability

This host is installed with Google Chrome and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromekeygendosvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ Google Chrome 'KEYGEN' Element Denial Of Service Vulnerability Authors: Sharath S Copyright: Copyright...

Code injection

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...

CVE-2009-1828

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...

CVE-2009-1828

Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service infinite loop, application hang, and memory consumption via a KEYGEN element in conjunction with 1 a META element specifying automatic page refresh or 2 a JavaScript onLoad event handler for a BODY element. NOTE: it was...

VulnCheck KEV: CVE-2005-1790

Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and earlier versions, allows remote attackers to cause a denial of service crash and execute arbitrary code via a Javascript BODY onload event that calls the window function, aka "Mismatched Document Object Model Objects...