Mail.ru: XSS on https://deti.mail.ru/

deti.mail.ru allowed to insert javascript: links into post content leading to self XSS possibility on message editing...

CVE-2019-4301

BigFix Self-Service Application SSA is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML...

CVE-2019-10798

rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype...

CVE-2020-6382

Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2020-6395

Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

Security Bulletin: JavaScript vulnerability affects IBM Sterling B2B Integrator (CVE-2008-7220)

Summary An unspecified error in the Prototype JavaScript framework prototype.js, as used in multiple products, could allow a remote attacker to conduct cross-site Ajax requests using unknown attack vectors. Note: This vulnerability affects the ajax based manager interface, ajamdemo.html, in certa...

CVE-2019-13735

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

DEBIAN-CVE-2019-13730

Type confusion in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

UBUNTU-CVE-2019-13728

Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2019-5825

Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2019-5866

Out of bounds memory access in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2019-5847

Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2019-5852

Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

CVE-2019-13711

Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

Adrenalin Core HCM 5.4.0 Cross Site Scripting

Exploit Title: Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Cy83rl0gger Vendor Homepage: https://www.myadrenalin.com/ Software Link: https://www.myadrenalin.com/core-hcm/ Version: 5.4.0 REQUIRED Tested on: NA C...

Adrenalin Core HCM 5.4.0 - strAction Reflected Cross-Site Scripting

Adrenalin Core HCM 5.4.0 - strAction Reflected Cross-Site Scripting Exploit Title: Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Cy83rl0gger Vendor Homepage: https://www.myadrenalin.com/ Software Link:...

PT-2019-17130 · Ibm · Ibm Security Key Lifecycle Manager

Name of the Vulnerable Software and Affected Versions: IBM Security Key Lifecycle Manager versions 2.6 through 3.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...

CVE-2019-9819

A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7, Firefox 67, and Firefox ESR 60.7...

CVE-2019-11707

A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 60.7.1, Firefox 67.0.3, and Thunderbird 60.7.2...

PT-2019-9571 · Ibm · Ibm Rational Collaborative Lifecycle Management

Name of the Vulnerable Software and Affected Versions: IBM Rational Collaborative Lifecycle Management versions 6.0 through 6.0.6.1 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...