667 matches found
i18next cross-site scripting vulnerability (CNVD-2018-14353)
i18next is a translation loading framework written in JavaScript. A cross-site scripting vulnerability exists in i18next 1.10.2 and earlier versions. A remote attacker can exploit this vulnerability by injecting script into the browser with the help of dictionary key names...
DEBIAN-CVE-2018-5178
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and...
CVE-2018-5178
A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and...
CVE-2016-5297
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...
CVE-2018-11396
Epiphany (GNOME Web) is affected by CVE-2018-11396 through the component ephy-session.c in libephymain.so, with the vulnerability allowing a remote attacker to crash the application via crafted JavaScript (e.g., window.open triggering a NULL URL). Public sources in connected documents describe a ...
Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability (CVE-2018-3842)
Summary: An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...
EUVD-2017-9387
Brave Browser before 0.13.0 allows remote attackers to cause a denial of service resource consumption via a long alert argument in JavaScript code, because window dialogs are mishandled...
Prototype Pollution
Overview: lodash.mergewith is the Lodash method _.mergeWith exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The utility function allows modification of the Object prototype. If an attacker can control part of the structure passed to this functio...
Microsoft Edge: Chakra: JIT: Incorrect bounds calculation (CVE-2018-0769)
Let's start with comments in the "GlobOpt::TrackIntSpecializedAddSubConstant" method. // Track bounds for add or sub with a constant. For instance, consider b = a + 2. The value of 'b' should track // that it is equal to the value of 'a' + 2. That part has been done above. Similarly, the value of...
CVE-2017-1000144
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and JavaScript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages...
04_nodeblog (=1.0.0), 08cms (=1.0.0) +17241 more potentially affected by CVE-2015-8858 via uglify-js (>=0.0.1 <=2.5.0)
uglify-js NPM version =0.0.1, =0.3.0, =0.0.1, =1.0.2, =1.0.1, =1.0.0, =0.0.1, =1.0.0-alpha - 3vot-clay =2.0.1 and more Source cves: CVE-2015-8858 Source advisory: OSV:GHSA-C9F4-XJ24-8JQX...
duplicazionecdrom.it XSS vulnerability
Open Bug Bounty ID: OBB-359803. Affected Website: duplicazionecdrom.it; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Mapbox.js cross-site scripting vulnerability (CNVD-2017-27716)
Mapbox.js is an open source library from the U.S. company Mapbox for rapid development of interactive maps. A cross-site scripting vulnerability exists in Mapbox.js version 1.x before 1.6.6 and version 2.x before 2.2.4. A remote attacker can exploit this vulnerability to inject scripted content into the...
A JavaScript scripting vulnerability in the Internet Explorer and Microsoft Edge browsers allows attackers to cause a denial of service.
The JavaScript scripting vulnerability in the Internet Explorer and Microsoft Edge browsers arises from operations that go beyond buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to remotely cause a denial of service...
Apple Safari 10.0.3(12602.4.8) WebKit - HTMLObjectElement::updateWidget Universal Cross-Site Scripting
Apple Safari 10.0.3(12602.4.8) WebKit - HTMLObjectElement::updateWidget Universal Cross-Site Scripting url; ... if (!allowedToLoadFrameURL(url)) return; ... bool beforeLoadAllowedLoad = guardedDispatchBeforeLoadEvent(url); ... bool success = beforeLoadAllowedLoad && hasValidClassId(); if (success) success =...
Ember.js Cross-Site Scripting Vulnerability
Tilde Ember.js is a JavaScript framework for creating web applications from the U.S. company Tilde. A cross-site scripting vulnerability exists in Ember.js. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
W3C High Resolution Time API AnC Attack Vulnerability
The W3C High Resolution Time API is a set of JavaScript interfaces that provide web applications with the current time at sub-millisecond resolution. A security vulnerability exists in the W3C High Resolution Time API. The vulnerability can be exploited by an attacker with specially...
A vulnerability in PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, allows attackers to execute arbitrary code.
The vulnerability in the JavaScript of PDF viewing programs in Adobe Reader, Document Cloud, Adobe Acrobat, and other PDF editing programs is related to the use of memory after it is freed. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code related to the...
UBUNTU-CVE-2016-9904
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox 50.1, Firefox...
Cross-Site Scripting (XSS)
django-allauth is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript via the Facebook and Persona providers because the fields do not escape JavaScript...